56 matches found
Solaris 10 (sparc) : 152643-05 (deprecated)
SunOS 5.10: Apache 2.4 Patch. Date this patch was last updated by Sun : Sep/06/17 This plugin has been deprecated and either replaced with individual 152643 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on...
openSUSE Security Update : viewvc (openSUSE-2017-274)
This update for viewvc to version 1.1.26 fixes the following issues : - vievwc 1.1.26, including one security fix : - CVE-2017-5938 escape navdata name to avoid XSS attack boo1024393 - vievwc 1.1.25 : - fix rev2optrev assertion on long input - license is BSD-2-Clause, package LICENSE text - Updat...
httpd: WinNT MPM denial of service
Memory leak in the winntaccept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service memory consumption via crafted requests...
Fedora 23 : php-horde-horde-5.2.9-1.fc23 (2016-5d0e7f15ef)
horde 5.2.9 jan SECURITY: Fix XSS vulnerability in menu bar exposed by few applications Bug 14213. jan Add more detailed user DN settings to Kolab group configuration Request 11737. jan Fix returning to last page after problem reporting from AJAX pages Bug 12112. jan Fix custom database...
Fedora 22 : php-horde-horde-5.2.9-1.fc22 (2016-3d1183830b)
horde 5.2.9 jan SECURITY: Fix XSS vulnerability in menu bar exposed by few applications Bug 14213. jan Add more detailed user DN settings to Kolab group configuration Request 11737. jan Fix returning to last page after problem reporting from AJAX pages Bug 12112. jan Fix custom database...
用友某业务站敏感信息泄漏+sql注入
简要描述: 用友某业务站敏感信息泄漏+sql注入 详细说明: 用友新道: http://home.seentao.com/ http://seentao.yonyou.com/ phpcms搭建,存在爆authkey漏洞,拿到key,想干什么干什么。。 WooYun: PHPCMS最新版本authkey泄露可注射拿shell 漏洞证明: 仅测试: web server operating system: Windows web application technology: PHP 5.3.29, Apache 2.4.10 back-end DBMS: MySQL 5.0...
Mandriva Linux Security Advisory : php (MDVSA-2015:209)
Updated php packages fix security vulnerabilities : Buffer Over-read in unserialize when parsing Phar CVE-2015-2783. Buffer Overflow when parsing tar/zip/phar in pharsetinode CVE-2015-3329. Potential remote code execution with apache 2.4 apache2handler CVE-2015-3330. PHP has been updated to versi...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Buffer Over-read in unserialize when parsing Phar CVE-2015-2783. Buffer Overflow when parsing tar/zip/phar in pharsetinode CVE-2015-3329. Potential remote code execution with apache 2.4 apache2handler CVE-2015-3330. PHP has been updated to versio...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2572-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2572-1 advisory. It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting...
USN-2572-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-3330 It was discovered that PHP incorrectly handled opening tar, zip or ph...
Apache 2.4.x < 2.4.10 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.10. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the 'modproxy' module that may allow an attacker to send a specially crafted request to a server configured as a...
Puppet < 2.7.26 / 3.6.2 and Enterprise 2.8.x < 2.8.7 Multiple Vulnerabilities
According to its self-reported version number, the Puppet install on the remote host is affected by multiple vulnerabilities : - A privilege escalation vulnerability related to input validation and paths exists in the bundled Ruby environment. An attacker could trick a privileged user into...
Fedora 19 : ReviewBoard-1.7.22-1.fc19 (2014-3420)
New upstream security release 1.7.22 - http://www.reviewboard.org/docs/releasenotes/reviewboa rd/1.7.22/ - Security Fixes : - An XSS vulnerability was found in the Search field's auto-complete. - New Features : - Added support for anonymous access to public Local Sites. - Added support for...
Fedora 20 : ReviewBoard-1.7.22-2.fc20 (2014-3446)
New upstream security release 1.7.22 - http://www.reviewboard.org/docs/releasenotes/reviewboa rd/1.7.22/ - Security Fixes : - An XSS vulnerability was found in the Search field's auto-complete. - New Features : - Added support for anonymous access to public Local Sites. - Added support for...
Apache 2.4.x < 2.4.3 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is prior 2.4.3. It is, therefore, affected by the following vulnerabilities : - An input validation error exists related to 'modnegotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting...
Apache 2.4 Comes Out, Major update after 6 years
Apache 2.4 Comes Out, Major update after 6 years The Apache Software Foundation officially released the Apache 2.4 today as the first major update to this leading open-source web-server in more than a half-decade. Apache 2.4 is slated to deliver superior performance to its 2.2 predecessor and...