CVE-2007-0419

The CVE-2007-0419 issue affects the BEA WebLogic Server proxy plug-in for the Apache HTTP Server (pre June 2006). The root cause is improper handling of protocol errors in the plug-in, which can allow remote attackers to cause a denial of service (server outage). The vulnerability description not...

CVE-2007-0419

The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service server outage...

Directory traversal

Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when registerglobals is enabled and magicquotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter, as demonstrated by injecting PHP...

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

Directory traversal

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log fil...

Code injection

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

CVE-2007-0086

CVE-2007-0086 targets the Apache HTTP Server. The documented effect is a denial of service caused by a Range header that can cause network bandwidth consumption when a TCP connection is opened with a large window size, via multiple copies of the same fragment. The connected documents provide conc...

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

CVE-2006-6869

Directory traversal vulnerability in includes/search/searchmdforum.php in MAXdev MDForum 2.0.1 and earlier, when magicquotesgpc is disabled and registerglobals is enabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang cookie to error.php, as...

CVE-2006-6613

Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magicquotesgpc is disabled and registerglobals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. dot dot in the palangincludefile...

CentOS 4 : mod_auth_kerb (CESA-2006:0746)

Updated modauthkerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. modauthkerb is module for the Apache HTTP Server designed to...

RHEL 4 : mod_auth_kerb (RHSA-2006:0746)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2006:0746 advisory. modauthkerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. An off by one flaw was found in the way...

CVE-2006-6445

Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then...

Apache Httpd < 2.0.61 : mod_proxy crash

A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...

mod_auth_kerb security update

CentOS Errata and Security Advisory CESA-2006:0746 Updated modauthkerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. modauthke...

Low: Red Hat Security Advisory: mod_auth_kerb security update

Updated modauthkerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. modauthkerb is module for the Apache HTTP Server designed to...

HP-UX PHSS_35460 : s700_800 11.04 Virtualvault 4.7 IWS update

s700800 11.04 Virtualvault 4.7 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service DoS attack and...