8064 matches found
Code injection
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
CVE-2007-1349
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
CVE-2007-1349
CVE-2007-1349 is referenced in connected documents as affecting Solaris/SunOS patches for Apache 1.3 on SPARC/x86 (patches 122911-32 through 122911-37). The initial description attributes the flaw to PerlRun.pm in Apache mod_perl 1.30 and RegistryCooker.pm in mod_perl 2.x, which fail to properly ...
CVE-2007-1349
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
CVE-2007-1349
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
mod_perl -- remote DoS in PATH_INFO parsing
Mandriva reports: PerlRun.pm in Apache mod_perl 1.29 and earlier, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
PHP-Nuke Module AddressBook 1.2 - Local File Inclusion
!Perl PHP-Nuke Module Addressbook 1.2 Local File Inclusion Exploit Vendor: http://www.sb-websoft.com/index.php?name=CmodsDownload&file=index&req=getit&lid=14 Vulnerable Code: require_once "modules/$modulename/include/func.inc.php"; Coded by bd0rk || SOH-Crew Greetz: str0ke, TheJT, saint, CodeR, rgo...
MOPB-26-2007:PHP mb_parse_str() register_globals Activation Vulnerability
Summary: When the mb_parse_str() function, which is the multibyte variant of the parse_str() function, is called with only one parameter and is interrupted by, for example, a memory_limit violation, the register_globals directive will get internally activated during the process and not deactivated. Therefore...
pragmaMX Module Landkarten 2.1 (Windows) - Local File Inclusion
pragmaMX Module Landkarten 2.1 Windows - Local File Inclusion !Perl pragmaMX Landkartenmodule 2.1 Local File Inclusion Exploit Vendor: http://www.pragmamx.org/Downloads-op-getit-lid-599-noJpC-.html Vulnerable Code: require_once "modules/$modulename/inc/conf.php"; Coded by bd0rk || SOH-Crew Greetz:...
PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion
PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion !/usr/bin/perl Modulo Splatt Forum v4.0 RC1bbcoderef.php nameLocal File Include Exploit D.Script: http://sourceforge.net/projects/splattforum/ V.Code $modulename = $name; -------- Line : 17 include"modules/".$modulename."/functions.php";...
pragmaMX Module Landkarten 2.1 (Windows) - Local File Inclusion
!Perl pragmaMX Landkartenmodule 2.1 Local File Inclusion Exploit Vendor: http://www.pragmamx.org/Downloads-op-getit-lid-599-noJpC-.html Vulnerable Code: require_once "modules/$modulename/inc/conf.php"; Coded by bd0rk || SOH-Crew Greetz: str0ke, Diddi, seduce, TheJT, broken-error use IO::Socket; use...
JSP vulnerabilities large-vulnerability warning-the black bar safety net
Overview: Server vulnerabilities are the origin of security problems, and most attacks on a site start from finding its vulnerabilities. Only by understanding their own vulnerabilities can site managers take appropriate measures to prevent outside attacks. The following describes some ...
GLSA-200703-16 : Apache JK Tomcat Connector: Remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200703-16 (Apache JK Tomcat Connector: Remote execution of arbitrary code). ZDI reported an unsafe memory copy in mod_jk that was discovered by an anonymous researcher in the map_uri_to_worker function of native/common/jk_uri_worker_map.c...
CVE-2007-1491
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties...
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...
Apache Tomcat 5.x/6.0.x - Directory Traversal
Apache Tomcat 5.x/6.0.x - Directory Traversal source: https://www.securityfocus.com/bid/22960/info Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issu...
Apache Tomcat 5.x/6.0.x - Directory Traversal
source: https://www.securityfocus.com/bid/22960/info Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows attackers to access arbitrary files ...
[ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability
ECHO_ADV_68$2007: PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability...
PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability...
Apache mod_python information leak
If used in output filter mode, large output can lead to the content of freed memory being leaked...