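MySQLDumper Apache Access Control Authentication Bypass Vulnerability
MySQLDumper is a backup script for MySQL databases. A configuration error exists in the Apache access control file; a remote attacker can exploit the vulnerability to bypass authentication and delete the Apache access control files, gaining access to protected files. Because main.php, included in MySQLDumper, lacks validation of user-submitted HTTP POST requests, an attacker can exploit the vulnerability to delete the .htaccess/.htpasswd files and access protected file information. MySQLDumper MySQLDumper Typo3-Extension 0.0.5 MySQLDumper MySQLDumper 1.23prereleaseREV MySQLDumper MySQLDumpe...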
Mandrake Linux Security Advisory : apache (MDKSA-2007:140)
A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled (CVE-2006-5752). A vulnerability was found in the Apache mod_cache module that could cause...
MySQLDumper vulnerability: Bypassing Apache based access control possible
A critical security issue has been found in the Open Source PHP backup tool MySQLDumper 0. The issue allows an attacker to bypass an Apache based access control created with MySQLDumper. Through this an attacker can easily gain full control over all features of MySQLDumper. The authors of MySQLDumper were...
CentOS 3 : httpd (CESA-2007:0533)
Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in th...
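PHP .Htaccess Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BUGTRAQ ID: 24661 CVE ID: CVE-2007-3378 CNCVE ID: CNCVE-20073378 PHP is a widely used web development scripting language. PHP has a 'safe_mode' and 'open_basedir' restriction bypass issue; a remote attacker can exploit the vulnerability to write files to unauthorized system locations. When PHP is used as an Apache module, directives can be used in the .htaccess file to configure...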
CVE-2007-1863
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...
[SECURITY] Fedora 7 Update: httpd-2.2.4-4.1.fc7
The Apache HTTP Server is a powerful, efficient, and extensible web server...
CentOS 5 : httpd (CESA-2007:0556)
Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...
[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability
Source: http://securityreason.com/achievementsecurityalert/45 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason Date: - - Written: 10.02.2007 - - Public: 27.06.2007...
RHEL 2.1 : apache (RHSA-2007:0532)
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...
RHEL 5 : httpd (RHSA-2007:0556)
Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...
apache security update
CentOS Errata and Security Advisory CESA-2007:0532-01 Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...
httpd mod_cache segfault
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...
Moderate: Red Hat Security Advisory: apache security update
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...
Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
No description provided by source. Apache w/ modjk Remote Exploit by eliteboy use IO::Socket; print "ELiTEBOYPRESENTZAPACHEMODJKREMOTEEXPLOIT\n"; $target = $ARGV1; if $ARGV != 1 || $target 1 || $target 3 print "Usage: modjkx.pl hostname targettype\n";...
Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow
Apache modjk 1.2.191.2.20 - Remote Buffer Overflow Apache w/ modjk Remote Exploit by eliteboy use IO::Socket; print "ELiTEBOYPRESENTZAPACHEMODJKREMOTEEXPLOIT\n"; $target = $ARGV1; if $ARGV != 1 || $target 3 print "Usage: modjkx.pl \n"; print "1.\tSUSE Enterprise Linux Server SP0/SP3 Apache 2.2.4...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background: mod_rewrite is an Apache module which allows rule-based modification of URL requests. Problem: An off-by-one buffer overflow vulnerability in mod_rewrite allows command execution when the escape_absolute_uri function attempts to...