Lucene search
K

52 matches found

OSV
OSV
added 2019/11/19 10:15 p.m.23 views

CVE-2019-10080

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5CVSS6.4AI score0.02258EPSS
Exploits0References3
Prion
Prion
added 2019/11/19 10:15 p.m.22 views

Information disclosure

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

4CVSS6.4AI score0.02258EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2018/12/12 5:24 a.m.36 views

RATELIMITED: Apache Version Disclosure Through Directory Indexing

attention that this is the https part of this domain the url https://pengu.will-never-love.me/ is showing a directory indexing which reveals the version of the Apache and OS of the ser PoC Included Impact The attacker can use the gathered information for further exploitation of the server...

2.2AI score
Exploits0
exploitpack
exploitpack
added 2017/05/31 12:0 a.m.43 views

OV3 Online Administration 3.0 - Directory Traversal

OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2016/08/19 9:10 p.m.16 views

Ian Dunn: Potentially vulnerable version of Apache software in and default files on https://iandunn.name/

Hi, The underlying web server for https://iandunn.name/ is not configured to hide the version of Apache in place. As a result, when attempts are made for the following files, a verbose response is received revealing the underlying Apache version. It should be noted that the underlying software...

2.9AI score
Exploits0
0day.today
0day.today
added 2013/08/07 12:0 a.m.59 views

Apache suEXEC Privilege Elevation / Information Disclosure

Apache suEXEC suffers from privilege escalation and information disclosure vulnerabilities. Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the...

7AI score
Exploits0
myhack58
myhack58
added 2012/11/09 12:0 a.m.20 views

phpweb finished website full version through the kill injection vulnerability and fix-vulnerability warning-the black bar safety net

Keywords: inurl:webmall/detail. php? id Data table: pwnbaseadmin About to get shell 首先 登录 后台 admin.php See the upload. php source code analysis for an afternoon, and then about understand that although the upload where only allowed to upload gif,jpg,png,bmp four types of files, but not the file...

0.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2010/05/05 12:54 p.m.5 views

httpd: mod_proxy_ajp remote temporary DoS

The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...

5CVSS7.3AI score0.20787EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/06/30 3:29 p.m.6 views

mod_autoindex XSS

Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...

6.1CVSS7.3AI score0.26188EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2007/09/14 12:0 a.m.100 views

Apache 2.2.x < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)

According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.6. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability in modproxy. - A cross-site scripting vulnerability in modstatus. - A local denial of service...

6.1CVSS6.7AI score0.27783EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2004/09/23 12:0 a.m.39 views

Apache <= 2.0.51 Satisfy Directive Access Control Bypass

The remote host is running Apache web server 2.0.51. It is reported that this version of Apache is vulnerable to an access control bypass attack. This issue occurs when using the 'Satisfy' directive. An attacker may gain unauthorized access to restricted resources if access control relies on this...

7.5CVSS5.5AI score0.06813EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2004/09/17 4:0 a.m.27 views

CVE-2004-0809

The moddav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service child process crash via a certain sequence of LOCK requests for a location that allows WebDAV authoring access...

5CVSS6.1AI score0.15463EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2004/09/17 12:0 a.m.37 views

Apache <= 1.3.33 htpasswd Local Overflow

The remote host appears to be running Apache 1.3.33 or older. There is a local buffer overflow in the 'htpasswd' command in these versions that may allow a local user to gain elevated privileges if 'htpasswd' is run setuid or a remote user to run arbitrary commands remotely if the script is...

6.1AI score
Exploits0References2
0day.today
0day.today
added 2004/09/16 12:0 a.m.26 views

htpasswd Apache 1.3.31 Local Exploit

Exploit for linux platform in category local exploits ==================================== htpasswd Apache 1.3.31 Local Exploit ==================================== !/usr/bin/perl Proof Of Concept exploit for htpasswd of Apache. Read the advisory for more information. - Luiz Fernando Camargo -...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/13 12:0 a.m.11 views

Apache < 2.0.51 mod_ssl Rewrite Rules DoS

Binary data 2276.prm...

5CVSS7.3AI score0.69653EPSS
Exploits1References3
CVE
CVE
added 2004/09/01 4:0 a.m.49 views

CVE-2001-0042

The CVE-2001-0042 entry affects PHP 3.x running on Apache 1.3.6 . It describes a remote file-read vulnerability via a modified “..” path traversal that can include encoded backslash sequences ("%5c") to disclose arbitrary files. The description indicates the root cause is a dot-dot traversal vuln...

5CVSS7.2AI score0.08603EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.37 views

CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...

6.4AI score0.1346EPSS
Exploits0References17
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.28 views

CVE-2001-0042

PHP 3.x PHP3 on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. dot dot attack containing "%5c" encoded backslash sequences...

6.8AI score0.08603EPSS
Exploits1References3
OSV
OSV
added 2004/03/29 5:0 a.m.1 views

DEBIAN-CVE-2004-0113

Memory leak in sslengineio.c for modssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service memory consumption via plain HTTP requests to the SSL port of an SSL-enabled server...

5CVSS6.8AI score0.09898EPSS
Exploits0References1
OSV
OSV
added 2003/11/03 5:0 a.m.5 views

CVE-2003-0789

modcgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client...

6.5AI score
Exploits0References31
Rows per page
Query Builder