Ubuntu 4.10 / 5.04 : apache vulnerability (USN-160-2)
USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CAN-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the 'universe' component of the archive). For reference, this is the relevan...
Ubuntu 4.10 : apache vulnerabilities (USN-65-1)
Javier Fernandez-Sanguino Pena noticed that the 'checkforensic' script created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Note that Tenable Network Security has extract...
Ubuntu 4.10 : apache vulnerability (USN-133-1)
A buffer overflow was discovered in the 'htpasswd' utility. This could be exploited to execute arbitrary code with the privileges of the user invoking htpasswd. This is only a security vulnerability if you have a website that offers a public interface to htpasswd without checking the input...
Ubuntu 4.10 : apache2 bug fix (USN-173-3)
USN-173-2 fixed a vulnerability in Apache's regular expression parser. However, the packages from that advisory had a bug that prevented Apache from starting. This update fixes this. We apologize for the inconvenience! Note that Tenable Network Security has extracted the preceding description...
USN-241-1: Apache vulnerabilities
The "mod_imap" module which provides support for image maps did not properly escape the "referer" URL which rendered it vulnerable against a cross-site scripting attack. A malicious web page or HTML email could trick a user into visiting a site running the vulnerable mod_imap, and employ...
Apache < 1.6.1 auth_ldap Module Remote Format String
Apache mod-auth-pgsql authorization module format string vulnerabilities
Several format string bugs in error logging...
Apache auth_ldap authentication module format string vulnerabilities
Format string vulnerability on error logging...
Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability
Digital Armaments advisory is 12.22.2005 http://www.digitalarmaments.com/2006090173928420.html I. Background auth_ldap is an LDAP authentication module for Apache, the world's most popular web server. auth_ldap has excellent performance, and supports Apache on both Unix and Windows NT. It also has...
Apache mod_ssl ssl_hook_Access Error Handling DoS
The version of Apache running on the remote host is affected by a denial of service vulnerability due to a flaw in mod_ssl that occurs when it is configured with an SSL vhost with access control and a custom 400 error page. A remote attacker can exploit this, via a non-SSL request to an SSL port, ...
CVE-2006-0150
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username...
Format string
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username...
CVE-2006-0150
CVE-2006-0150 is a format-string vulnerability in the Apache auth_ldap module (auth_ldap) caused by improper handling in the logging function. The issue exists in libapache-auth-ldap and affects Apache auth_ldap 1.6.0 and earlier, enabling remote attackers to execute arbitrary code with the httpd...
PT-2006-1039 · Apache · Apache Auth Ldap
Name of the Vulnerable Software and Affected Versions: Apache auth_ldap versions 1.6.0 and earlier; auth_ldap version 1.4.8. Description: The issue concerns multiple format string vulnerabilities in the auth_ldap_log_reason function. This allows remote attackers to execute arbitrary code via variou...
Remote file include in appserv 2.4.5 (possible in previous versions)
What is Appserv: AppServ is the Apache/PHP/MySQL open source software installer packages...
CVE-2005-3357
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference...
Apache < 2.0.3 mod_auth_pgsql Module Server Log Format String
PHP 4.4.0 - mysql_connect function Local Buffer Overflow
PHP 4.4.0 - mysql_connect function Local Buffer Overflow <?php /* This exploit was designed to work with PHP versions 4.3.10 and 4.4.0 under Windows XP SP 1. If another operating system is used, the replacement EIP must be changed. The replacement EIP is written 261 bytes into our string. For this...