1636 matches found
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)
The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly...
openSUSE Security Update : apache2 (openSUSE-SU-2013:1337-1)
httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-moddav.diff CVE-2013-1896: Sending a MERGE request against a URI handled by mod_dav_svn, with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV, will trigger a segfault. bnc829056 -...
Madness Pro 1.14 Cross Site Scripting
#!/usr/bin/env python2 # -*- coding: utf-8 -*- Exploit Title: Madness Pro %3C%2Fscript%3E%3C%2Fa%3E" "%3Ca%20href%3D%22%23%22%20onclick%3D%5C%22setstatus\'12345".formatpanelindexurl, beefhookurl print f.re...
Madness Pro <= 1.14 Persistent XSS / SQL Injection Vulnerabilities
Exploit for php platform in category web applications #!/usr/bin/env python2 # -*- coding: utf-8 -*- Exploit Title: Madness Pro <= 1.14 Persistent XSS Date: June 05, 2014 Exploit Author: @botnethunter Version: 1.14 Tested on: Apache2 - Ubuntu - MySQL ...
Madness Pro 1.14 - Persistent Cross-Site Scripting
#!/usr/bin/env python2 # -*- coding: utf-8 -*- Exploit Title: Madness Pro %3C%2Fscript%3E%3C%2Fa%3E"...
Madness Pro 1.14 - Persistent Cross-Site Scripting
Madness Pro 1.14 - Persistent Cross-Site Scripting #!/usr/bin/env python2 # -*- coding: utf-8 -*- Exploit Title: Madness Pro %3C%2Fscript%3E%3...
Fedora 19 : php-5.5.12-1.fc19 (2014-5984)
Notice: to fix CVE-2014-0185 this version changes the default php-fpm Unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm uses a UDS (the default configuration uses a network socket). Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...
Medium: mod_security
Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: modsecurity Issue Correction: Run yum update modsecurity or yum upda...
Fedora 20 : php-5.5.12-1.fc20 (2014-5960)
Notice: to fix CVE-2014-0185 this version changes the default php-fpm Unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm uses a UDS (the default configuration uses a network socket). Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...
[USN-2105-1] MAAS vulnerabilities
Ubuntu Security Notice USN-2105-1, February 13, 2014: maas vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...
Localize: Apache2 /icons/ folder accessible
The Apache2 icons folder is accessible from http://www.localize.io/icons/. This is not by definition dangerous, but removing the directory can help obfuscate the server version you're running, which may prevent targeted attacks against your web server. To remove the directory you should look for...
Debian Security Advisory DSA 2908-1 (openssl - security update)
Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-5298 A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a...
CVE-2013-5705
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...
CVE-2013-5705
Affected software: ModSecurity (Apache module) before 2.7.6. Root cause: flawed handling of chunked Transfer-Encoding with a capitalized Chunked value in the HTTP header. Impact: remote attackers can bypass mod_security rules. Remediation: upgrade to ModSecurity 2.7.6 or newer (as cited by multip...
CVE-2013-5705
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...
Ubuntu: Security Advisory (USN-2152-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : apache2 vulnerabilities (USN-2152-1)
Ning Zhang & Amin Tora discovered that the mod_dav module incorrectly handled whitespace characters in CDATA sections. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. (CVE-2013-6438) Rainer M Canavan discovered that the mod_log_config...
Ubuntu Update for apache2 USN-2152-1
Check for the Version of apache2 OpenVAS Vulnerability Test $Id: gbubuntuUSN21521.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for apache2 USN-2152-1 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...
CVE-2011-3196
The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...
CVE-2011-3196
The CVE-2011-3196 issue affects Domain Technologie Control (DTC) prior to version 0.34.1. The root cause is world-readable permissions on /etc/apache2/apache2.conf, which allowed local users to read a configuration file and obtain the dtcdaemons MySQL password. Impact was local, with confidential...