MiracleLinux 4 : subversion-1.6.11-2.AXS4.4 (AXSA:2011-732:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-732:02 advisory. Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files a...

AZL-71867 CVE-2025-58098 affecting package httpd for versions less than 2.4.66-1

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

CVE-2025-27452

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules pose a risk to the webserver which enable...

CVE-2025-27452 CVE-2025-27452

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules pose a risk to the webserver which enable...

Debian dla-3819 : fossil - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3819 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3819-1 [email protected] https://www.debian.org/lts/security/...

SUSE CVE-2004-0942

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service CPU consumption via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters...

SUSE CVE-2010-3872

A flaw was found in the modfcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgidbucket.c file in the fcgidheaderbucketread function, resulting in an application crash...

venom

This is a Metasploit framework module for generating shellcode and compiling it into an executable file. The module, named "venom", uses msfvenom to generate shellcode in various formats and injects it into a template, which is then compiled using compilers like gcc or pyinstaller. The module als...

pulp: Improper path parsing leads to overwriting of iso repositories

A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...

CVE-2018-10917

A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...

Firewall and Privatizing Proxy: macOS Fortress

macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as blocks ads, malicious...

REDDOXX Appliance Session Identifier Extraction

Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance RedTeam Pentesting discovered an information disclosure vulnerabilty in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Details ======= Product: REDDOXX Appliance Affected...

Apache httpd Authentication Bypass Vulnerability

Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in the Apache httpd apgetbasicauthp module. An attacker can exploit this vulnerability to bypass authenticatio...

SUSE-SU-2015:1851-1 Security update for apache2

The Apache2 webserver was updated to fix several issues: Security issues fixed: - The chunked transfer coding implementation in the Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to...

openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)

This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...

Debian: Security Advisory (DSA-2532-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[OWASP HTTP Post Tool] DoS Apache Webserver Attack

This Tutorials shows, how you can easily take out an Apache Webserver with one HTTP POST Tool using a std. slow DSL Connection. This is NO Slowloris Attack! Limitations of HTTP GET DDOS attack: - Does not work on IIS web servers or web servers with timeout limits for HTTP headers. - Easily...

DSA-2532-1 libapache2-mod-rpaf - denial of service

Bulletin has no description...

[SECURITY] [DSA 2506-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...

apache2: Fixed several security issues (important)

This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...