8064 matches found
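Apache CGI Script Source Code Information Disclosure Vulnerability
Apache is an open-source web server. Apache's mod_alias module has a canonicalization error when handling case-sensitive alias directive arguments on file systems that support case-sensitive directory names. If an attacker requests a URL containing an uppercase directory name (such as CGI-BIN), the source code of applications in the cgi-bin directory can be disclosed in certain non-default configurations where the ScriptAlias directive refers to a directory inside the document root. Example of a vulnerable configuration: DocumentRoot "path/docroot/" ScriptAlias /cgi-bin/ "/path/docroot/cgi-bin" Apache Group Apache 2.2.2 for Windows Temporary workaround...
Apache mod_rewrite Module Single-Byte Buffer Overflow Vulnerability
Apache is an open-source web server. Apache's mod_rewrite module has a single-byte buffer overflow when escaping absolute URI schemes; an attacker may exploit this vulnerability to execute arbitrary commands on the server. When the escape_absolute_uri function of mod_rewrite separates the tokens in an LDAP URL, a pointer to user-controlled data can be written outside a character pointer array, which may give full control of the affected host. Apache Group Apache 2.2.x = 2.2.0 Apache Group Apache 2.0.x = 2.0.46 Apache Group Apache 1.3.x = 1.3.28 Temporary workaround:...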
htpasswd Apache 1.3.31 Local Exploit
No description provided by source. !/usr/bin/perl Proof Of Concept exploit for htpasswd of Apache. Read the advisory for more information. - Luiz Fernando Camargo - foxtrotatflowsecurity.org $shellcode = "\x31\xdb\x6a\x17\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68"...
GLSA-200610-12 : Apache mod_tcl: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200610-12 (Apache mod_tcl: Format string vulnerability). Sparfell discovered format string errors in calls to the set_var function in tcl_cmds.c and tcl_core.c. Impact : A remote attacker could exploit the vulnerability to execute...
Apache OpenSSL Remote Exploit (Multiple Targets) (OpenFuckV2.c)
No description provided by source. / OF version r00t VERY PRIV8 spabam Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free to get more targets hackarena irc.brasnet.org / include arpa/inet.h include netinet/in.h include sys/types.h include sys/socket.h include...
CVE-2006-4154
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c...
Debian DSA-1131-1 : apache - buffer overflow
Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code...
Debian DSA-1167-1 : apache - missing input sanitising
Several remote vulnerabilities have been discovered in Apache, the world's most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3352 A cross-site scripting (XSS) flaw exist...
Apache Win32 Chunked Encoding
This module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apach...
USN-362-1: PHP vulnerabilities
The stripos function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. CVE-2006-4485 An integer overflow was discovered in the PHP memory allocation handling. On...
php security update
CentOS Errata and Security Advisory CESA-2006:0708-01 Updated PHP packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server...
[Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])
Eiji James Yoshida wrote in http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049784.html : If 'Encoding' is set to 'Auto Select', and Internet Explorer finds a UTF-7 string in the response's body, it will set the charset encoding to UTF-7 automatically ... Proof of concept:...
IMCE file handling vulnerabilities
IMCE has two vulnerabilities with regards to file handling. 1. By passing relative paths to IMCE's delete function, a malicious user with the "delete files" permission can delete files anywhere in the directory tree depending on the access permissions of the webserver. 2. IMCE allows the upload...
php security update
CentOS Errata and Security Advisory CESA-2006:0669 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server....
AlstraSoft E-Friends <= 4.85 Remote Command Execution Exploit
Exploit for unknown platform in category web applications. AlstraSoft E-Friends <= 4.85 Remote Command Execution Exploit #!/usr/bin/perl AlstraSoft Efriends 4.85 Remote Command...
CVE-2006-4625
CVE-2006-4625 affects PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6. The root cause is the ini_restore function resetting values to php.ini Master Value defaults, allowing local users to bypass Apache httpd.conf protections such as safe_mode and open_basedir. The provided documents describe the vulne...