8064 matches found
CVE-2006-1095
The CVE-2006-1095 entry applies to the FileSession object in mod_python 3.2.7 for Apache, where a directory traversal via a crafted session cookie can allow local code execution. Affected component: mod_python 3.2.7 for Apache (FileSession). Root cause: directory traversal in session handling. Impac...
CVE-2006-1079
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...
CVE-2006-1078
CVE-2006-1078 concerns multiple buffer overflows in the htpasswd utility used by Acme thttpd 2.25b. The vulnerabilities allow a local attacker to gain or escalate privileges via (1) a long command-line argument and (2) a long line in a file. The advisory notes htpasswd is ...
CVE-2006-1079
CVE-2006-1079 concerns the htpasswd utility used by Acme thttpd (notably 2.25b) where local users can escalate privileges through shell metacharacters passed as command-line arguments to system(). Several sourced entries indicate this vulnerability exists in htpasswd and note the issue may be exp...
PHP-Stats 0.1.9.1 - Remote Commands Execution
PHP-Stats 0.1.9.1 - Remote Commands Execution works regardless of magic_quotes_gpc settings... usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"Of old, the rise of the Yin dynasty was due to I Chih who had served under the Hsia. Likewise, the rise of the Chou dynasty was due to...
PHP-Stats <= 0.1.9.1 Remote Commands Execution Exploit
No description provided by source. <?php ---phpstats0191xpl.php 04/03/2006 4.53.41 PHP-Stats <= 0.1.9.1 optionadminpass overwrite / / remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works regardless of magic_quotes_gpc settings... usage: launch from Apache, fill...
PHP-Stats 0.1.9.1 - Remote Commands Execution
works regardless of magic_quotes_gpc settings... usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"Of old, the rise of the Yin dynasty was due to I Chih who had served under the Hsia. Likewise, the rise of the Chou dynasty was due to Lu Ya who had served under the Yin."...
Mac OS X Multiple Vulnerabilities (Security Update 2006-001)
The remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications: apache_mod_php, automount, Bom, Directory Services, iChat, IPSec, LaunchServices, LibSystem, loginwindow, Mail, rsync, Safari, Syndication C Tenable Network...
(PHP) imap functions bypass safe_mode and open_basedir restrictions
Vulnerability in the c-client library, tested with versions 2000, 2001, 2004: mail_open could be used to open a stream to local files. For PHP and the imap module, imap_open allows bypassing safe_mode and open_basedir restrictions. Use imap_body or others to view a file and imap_list to recursively list a directory...
CVE-2003-0249
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache...
CVE-2003-0249
The CVE-2003-0249 issue involves PHP treating unknown HTTP methods (e.g., PoSt) as GET requests, potentially bypassing access restrictions when PHP runs on servers that pass all methods (notably with Apache httpd 2.0 and Limit directives). Affected software is PHP in combination with Apache httpd...
CVE-2005-3630
CVE-2005-3630 affects Fedora Directory Server prior to version 10. An information-disclosure vulnerability allows remote attackers to obtain sensitive data (e.g., adm.conf password) via an IFRAME, likely caused by an Apache httpd.conf configuration that orders allow directives before deny directives. ...
how to crash apache/php in cpanel
I am really not sure if this is a cpanel, php, or apache problem but will let others find out. This is the entire reason I am supplying this information.... In a recent post concerning a mambo error message: Warning: ob_start: output handler 'ob_gzhandler' cannot be used after 'URL-Rewriter' in...
CVE-2006-0042
Summary: CVE-2006-0042 is a vulnerability in Apache2::Request (libapreq2) in versions before 2.07. The issue stems from an algorithm weakness in the apreq_parse_headers() and apreq_parse_urlencoded() functions that can be exploited remotely to cause a Denial of Service via CPU...
PHPKIT 1.6.1R2 - filecheck Remote Command Execution
PHPKIT 1.6.1R2 - filecheck Remote Command Execution works with allow_url_fopen = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." also if magic_quotes_gpc =...
PHPKIT <= 1.6.1R2 (filecheck) Remote Commands Execution Exploit
No description provided by source. <?php ---PHPKIT161r2inclxpl.php 4.27 16/02/2006 PHPKIT <= 1.6.1R2 remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works with allow_url_fopen = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "All men c...
DocMGR <= 0.54.2 arbitrary remote inclusion
DocMGR <= 0.54.2 arbitrary remote inclusion. software: site: http://www.docmgr.org/ description: "DocMGR is a complete, web-based Document Management System (DMS). It allows for the storage of any file type, and supports full-text indexing of the most popular...
EnterpriseGS 1.0 rc4 - Remote Command Execution
EnterpriseGS 1.0 rc4 - Remote Command Execution works against PHP5 usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Thus the energy developed by good fighting men is as the momentum of a round stone rolled down a mountain thousands of feet in height. So much on the subject ...
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Command Execution
works against PHP5 usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Therefore the good fighter will be terrible in his onset, and prompt in his decision" / short explanation: found this bug in FlySpray, exploiting EGS Enterprise Groupware System 1.0 rc4, see this link for...
EnterpriseGS <= 1.0 rc4 Remote Commands Execution Exploit
Exploit for unknown platform in category web applications. EnterpriseGS works against PHP5 usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Thus the energy developed by good fighting men is as the momentum of a round...