CVE-2006-7098

The Debian GNU/Linux 033-FNOSETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl...

Apache Tomcat buffer overflow

Stack buffer overflow stack overrun on oversized URI...

MOPB-03-2007:PHP Variable Destructor Deep Recursion Stack Overflow

Summary The last vulnerability for today is similar to the second one. This time the bug is however a deep recursion bug in the Zend Engine variable destruction. User input is parsed in an iterative way which allows the creation of very deeply nested array structures from user input. However when...

ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability

ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-008.html March 2, 2007 -- CVE ID: CVE-2007-0774 -- Affected Vendor: Apache -- Affected Products: Tomcat JK Web Server Connector 1.2.19 Tomcat JK Web Server...

Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit

No description provided by source. / :: Kristian Hermansen :: Date: 20070229 Description: Local attacker can influence Apache to direct commands into an open tty owned by user who started apache process, usually root. This results in arbitrary command execution. Affects: Apache 1.3.33/1.3.34 on...

Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation

/ :: Kristian Hermansen :: Date: 20070229 Description: Local attacker can influence Apache to direct commands into an open tty owned by user who started apache process, usually root. This results in arbitrary command execution. Affects: Apache 1.3.33/1.3.34 on Debian...

[Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)

Version 1.3.34-4 of Apache in the Debian Linux distribution contains a hole that allows a local user to access a root shell if the webserver has been restarted manually. This bug does not exist in the upstream apache distribution, and was patched in specifically by the Debian distribution. The bu...

Debian Linux apache privilege escalation

User can inject shell command into shell from where apache was started by using TIOCSTI ioctl on the ctty socket in CGI script...

security flaw

Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."...

Mandrake Linux Security Advisory : php (MDKSA-2006:196)

The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. The purpose of these functions is to be filled with user input. The overflow can only be when UTF-8 is used CVE-2006-5465 Unspecified vulnerabilities in PHP, probably before...

Mandrake Linux Security Advisory : php (MDKSA-2006:185)

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safemode and openbasedir, via the inirestore function, which resets the values to their php.ini Master Value defaults. CVE-2006-4625 A race condition in the symlink functi...

SUSE-SA:2006:043: apache,apache2

The remote host is missing the patch for the advisory SUSE-SA:2006:043 apache,apache2. The following security problem was fixed in the Apache and Apache 2 web servers: modrewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer...

CVE-2007-0451

CVE-2007-0451 affects SpamAssassin prior to 3.1.8. The issue arises when processing HTML email containing long URIs, which can trigger excessive memory usage and cause denial of service. Public advisories from Red Hat (RHSA-2007:0074) and Oracle Linux (ELSA-2007-0074) confirm the fix to version 3...

[PHP-DEV] PHP 5.2.1 crashing Apache/IIS...

Heads up! Installed the latest Win32 binaries of thread-safe PHP 5.2.1 on Win32 Apache and IIS. PHP started crashing definitely PHP - php5ts.dll when I went to access the MyProBB web forum. Win32 Apache flat out crashes, IIS bails with HTTP 500 errors. Forum crashes PHP 5.2.1:...

GLSA-200701-14 : Mod_auth_kerb: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200701-14 Modauthkerb: Denial of Service Modauthkerb improperly handles component byte encoding in the dergetoid function, allowing for a buffer overflow to occur if there are no components which require more than one byte for...

Mod_auth_kerb: Denial of service

Background Modauthkerb is an Apache authentication module using Kerberos. Description Modauthkerb improperly handles component byte encoding in the dergetoid function, allowing for a buffer overflow to occur if there are no components which require more than one byte for encoding. Impact An...

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

CVE-2006-6675

CVE-2006-6675 describes an XSS vulnerability in Novell NetWare 6.5 Support Pack 5 and 6, and Novell Apache on NetWare 2.0.48. The issue allows remote attackers to inject arbitrary web script or HTML through unspecified parameters in the Welcome web-app. Public references list affected products an...

Mandrake Linux Security Advisory : apache (MDKSA-2006:133)

Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's modrewrite ldap scheme handling. In order for this to be exploitable, a number of conditions need to be met including a running a vulnerable version of Apache 1.3.28+, 2.0.46+, or 2.2.0+, b...

CVE-2006-6588

The forum implementation in the ecommerce component in the Apache Open For Business Project OFBiz trusts the 1 dataResourceTypeId, 2 contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown...