5707 matches found
CVE-2007-5000
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tmincludepath parameter to 1 Classes.inc.php, 2 statistic.inc.php, 3 status.inc.php, 4 statustopx.inc.php, or 5 libchart-1.1/libchart.php in include/. NOTE:...
CVE-2007-6231
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tmincludepath parameter to 1 Classes.inc.php, 2 statistic.inc.php, 3 status.inc.php, 4 statustopx.inc.php, or 5 libchart-1.1/libchart.php in include/. NOTE:...
Apache HTTP Server 413错误HTTP请求方法跨站脚本漏洞
Apache HTTP Server是一款非常流行的HTTP服务程序。 Apache HTTP Server处理特殊构建的HTP方法存在输入验证问题,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 通过提交一个畸形的HTTP方法其可包含恶意负载如Javascript和表单中非法长度数据,可引起Apache HTTP服务器返回客户端提供的脚本代码: Two 'Content-length:' headers equals to zero. i.e.: Content-Length: 0LFContent-Length: 0 One 'Content-length:' header...
Preemptive Protection against Apache HTTP Server 413 Error Page Cross-Site Scripting Vulnerability
A cross-site scripting XSS vulnerability exists in Apache HTTP Server. Apache is a popular web server available for a wide variety of operating systems. Successful exploitation of this vulnerability could result in arbitrary scripting code execution by the user's browser in the context of an...
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...
Cross site scripting
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2007:0747 Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache...
RHEL 4 : httpd (RHSA-2007:0747)
Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...
Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...
Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Updated httpd packages that fix a security issue, fix various bugs, and add enhancements, are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available...
Fedora 7 : httpd-2.2.4-4.1.fc7 (2007-0704)
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of...
Fedora 7 : httpd-2.2.6-1.fc7 (2007-2214)
This update includes the latest stable release of the Apache HTTP Server. A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that...
CVE-2003-1418
CVE-2003-1418 affects Apache HTTP Server 1.3.22–1.3.27 on OpenBSD. The root cause is information disclosure via (1) ETag headers that reveal inode numbers and (2) multipart MIME boundaries that reveal child process IDs (PIDs). Practical impact is partial information disclosure that can aid reconn...
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...