8064 matches found
Wordpress Multiple Versions Pwnpress Exploitation Toolkit (0.2pub)
Exploit for unknown platform in category web applications. Wordpress Multiple Versions Pwnpress Exploitation Toolkit 0.2pub. #!/usr/bin/env ruby ...
FreeBSD : apache -- multiple vulnerabilities (c115271d-602b-11dc-898c-001921ab2fa4)
Apache HTTP server project reports: The following potential security flaws are addressed: - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control...
Apache mod_proxy denial of service
Buffer over-read on server response parsing...
Apache2 Undefined Charset UTF-7 XSS Vulnerability
Apache2 Undefined Charset UTF-7 XSS Vulnerability. Author: SecurityReason, Maksymilian Arciemowicz (cXIb8O3). Date: Written: 08.08.2007; Public: 11.09.2007. SecurityReason Research SecurityAlert Id: 46. CVE: CVE-2007-4465. SecurityRisk: Low. Affected...
Apache cross-site scripting
Cross-site scripting with UTF-7 characters in directory listings and error messages...
[slackware-security] php
New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and 12.0 to fix "several low priority security bugs." Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 being in the /testing directory, and was not the default version of PHP for Slackware 11.0 being in the /extr...
Apache mod_proxy brief analysis - vulnerability warning - the black bar safety net
These days I have been in continuous training for 5 days, and in the afternoon the venue was stifling. I saw the mod_proxy vulnerability announcement, so I downloaded the Apache code and looked at it, to pass the long time spent listening to people talk nonsense. Generally the process is as follows: First look at the...
apache -- multiple vulnerabilities
Apache HTTP server project reports: The following potential security flaws are addressed: CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header...
DEBIAN-CVE-2007-3847
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read...
CVE-2007-3847
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read...
Buffer overflow
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read...
CVE-2007-3847
CVE-2007-3847 affects Apache httpd 2.3.x (mod_proxy) where the date handling in modules/proxy/proxy_util.c under a threaded MPM can be triggered by crafted date headers, causing a buffer over-read and remote denial of service (caching forward proxy process crash). The linked advisories indicate t...
Apache mod_jk: Directory traversal
Background: Apache mod_jk is a connector for the Tomcat web server. Description: Apache mod_jk decodes URLs within Apache before passing them to Tomcat, which decodes them a second time. Impact: A remote attacker could browse a specially crafted URL on an Apache server running mod_jk, possibly gaini...
USN-499-1: Apache vulnerabilities
Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to...
CVE-2007-3386.txt
CVE-2007-3386: XSS in Host Manager. Severity: Low (Cross-site scripting). Vendor: The Apache Software Foundation. Versions Affected: 6.0.0 to 6.0.13, 5.5.0 to 5.5.24. Description: The Host Manager Servlet does not filter user supplied data before display. Th...
CVE-2007-3382: Handling of cookies containing a ' character
CVE-2007-3382: Handling of cookies containing a ' character. Severity: Low (Session Hi-jacking). Vendor: The Apache Software Foundation. Versions Affected: 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, 3.3 to 3.3.2. Description: Tomcat...
Apache Tomcat fails to properly handle cookies containing single quotes
Overview: Apache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking. Description: Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter...