8064 matches found
Solaris 10 (x86) : 122912-37 (deprecated)
SunOS 5.10_x86: Apache 1.3 Patch. Date this patch was last updated by Sun: Mar/29/16. This plugin has been deprecated and either replaced with individual 122912 patch-revision plugins, or deemed non-security related.
RHEL 3 / 4 : php (RHSA-2006:0568)
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
php security update
CentOS Errata and Security Advisory CESA-2006:0568 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
CVE-2006-3362
Unrestricted file upload in connectors/php/connector.php of FCKeditor mcpuk file manager enables remote PHP code execution. Affected products include Geeklog 1.4.0 through 1.4.0sr3, toendaCMS 1.0.0 Shizouka Stable and earlier, and WeBid 0.5.4, on Apache with mod_mime. The vulnerability stems from...
CVE-2006-3362
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote...
CentOS 3 / 4 : httpd (CESA-2006:0159)
Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A memo...
CentOS 3 / 4 : php (CESA-2005:564)
Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR...
CentOS 3 / 4 : httpd (CESA-2005:608)
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw...
CentOS 3 : PHP (CESA-2005:405)
Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was found in the way PHP...
CentOS 3 / 4 : php (CESA-2006:0276)
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
CVE-2006-3102
CVE-2006-3102 affects Bitweaver 1.3. A race condition in articles/BitArticle.php when running under Apache with mod_mime lets remote attackers execute arbitrary PHP code by uploading files with double extensions, which are temporarily stored under the webroot in the temp/articles directory. No re...
CVE-2006-3070
writeok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe...
CVE-2006-3070
CVE-2006-3070 affects Zeroboard 4.1 pl8 running on Apache with mod_mime. The issue allows remote attackers to bypass upload restrictions for executable extensions by uploading a .htaccess file containing an AddType directive that maps an assumed-safe extension (e.g., txt) to an executable handler...
Zeroboard File Upload & extension bypass Vulnerability
Zeroboard File Upload & extension bypass Vulnerability Author : Choi Min-sung mins at wins21.com Product : Zeroboard http://www.nzeo.com Vendor-Patches : Unpatched Impact : remote code execution Summary: Basically, the PHP, HTML, and CGI files are prohibited to upload in Zeroboard. But...
[SA20592] Zeroboard ".htaccess" File Upload Vulnerability
CVE-2006-2831
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743...
Update Protection against Apache Header Injection Vulnerability
A flaw has been identified in Apache 1.3.34/2.0.57/2.2.1. The flaw specifically exists in the Expect header. Attackers can exploit this flaw by appending malformed Expect headers in outgoing HTTP requests and redirect users to Web sites of their choice...
FreeBSD : drupal -- multiple vulnerabilities (40a0185f-ec32-11da-be02-000c6ec775d9)
The Drupal team reports : Vulnerability: SQL injection A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer. Vulnerability: Execution of arbitrary files Certain -- alas, typical -- configurations of...
[DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue
Drupal security advisory DRUPAL-SA-2006-007 Advisory ID: DRUPAL-SA-2006-007 Project: Drupal core and any web app that allows user uploads Date:...
[DRUPAL-SA-2006-006] Drupal 4.6.7 / 4.7.1 fixes arbitrary file execution issue
Drupal security advisory DRUPAL-SA-2006-006 Advisory ID: DRUPAL-SA-2006-006 Project: Drupal core Date: 2006-05-24 Security risk: highly critica...