8064 matches found

Packet Storm
added 2005/11/08 12:0 a.m., 25 views

atutor151pl2.txt

ATutor 1.5.1pl2 SQL Injection / Remote commands execution software: site: http://www.atutor.ca/ description : "ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and adaptability in mind." if magic_quotes_gpc off - SQL INJECTION vulnerable code in...

AI score: 7.4
Exploits: 0

exploitpack
added 2005/11/07 12:0 a.m., 22 views

ATutor 1.5.1pl2 - SQL Injection Command Execution

ATutor 1.5.1pl2 - SQL Injection Command Execution ?php atutor151pl2xpl.php 5.12 08/11/2005 Atutor 1.5.1 pl2 possibly prior versions SQL injection / / remote commands execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes...

AI score: 0.2
Exploits: 0

Tenable Nessus
added 2005/11/07 12:0 a.m., 35 views

Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : apache (SSA:2005-310-04)

New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. Added...

CVSS: 4.3 | AI score: 8.2 | EPSS: 0.39952
Exploits: 1 | References: 3

Exploit DB
added 2005/11/07 12:0 a.m., 34 views

ATutor 1.5.1pl2 - SQL Injection / Command Execution

?php atutor151pl2xpl.php 5.12 08/11/2005 Atutor 1.5.1 pl2 possibly prior versions SQL injection / / remote commands execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with this script:...

AI score: 7.4
Exploits: 0

Slackware Linux
added 2005/11/06 1:3 p.m., 14 views

apache

New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. Added...

AI score: 6.9
Exploits: 0

NVD
added 2005/11/06 11:2 a.m., 23 views

CVE-2005-3510

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files...

CVSS: 5 | AI score: 6.4 | EPSS: 0.20508
Exploits: 0 | References: 22

Cvelist
added 2005/11/06 11:0 a.m., 28 views

CVE-2005-3510

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files...

AI score: 6.3 | EPSS: 0.20508
Exploits: 0 | References: 22

securityvulns
added 2005/11/04 12:0 a.m., 38 views

CuteNews 1.4.1 remote code execution

CuteNews 1.4.1 Arbitrary file inclusion / remote code execution exploit software: site: http://cutephp.com/ description: "Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading,...

AI score: 0.4
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 30 views

PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability

A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users ca...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.58138
Exploits: 1 | References: 2

OpenVAS
added 2005/11/03 12:0 a.m., 12 views

Web Server Cross Site Scripting

The remote web server seems to be vulnerable to a Cross Site Scripting vulnerability (XSS). The vulnerability is caused by the result being returned to the user when a non-existing file is requested (e.g. the result contains script code provided in the request). This vulnerability would allow an...

Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 32 views

Apache Connection Blocking Denial of Service

The remote web server appears to be running a version of Apache that is less than 2.0.49 or 1.3.31. These versions are vulnerable to a denial of service attack where a remote attacker can block new connections to the server by connecting to a listening socket on a rarely accessed port. OpenVAS...

CVSS: 5 | AI score: 0.3 | EPSS: 0.1992
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 17 views

mod_python handle abuse

The remote host is using the Apache mod_python module which is version 2.7.6 or older. These versions allow a module which is indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module...

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.04008
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 24 views

Check for Apache Multiple / vulnerability

Certain versions of Apache for Win32 have a bug wherein remote users can list directory entries. Specifically, by appending multiple /'s to the HTTP GET command, the remote Apache server will list all files and subdirectories within the web root as defined in httpd.conf. OpenVAS Vulnerability Tes...

CVSS: 5 | AI score: 0.6 | EPSS: 0.46366
Exploits: 1

OpenVAS
added 2005/11/03 12:0 a.m., 112 views

Apache Error Log Escape Sequence Injection

The target is running an Apache web server which allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. OpenVAS has determined the vulnerability exists only by...

CVSS: 5 | AI score: 7.6 | EPSS: 0.2626
Exploits: 8 | References: 11

OpenVAS
added 2005/11/03 12:0 a.m., 227 views

Apache Directory Listing

By making a request to the Apache web server ending in '?M=A' it is sometimes possible to obtain a directory listing even if an index.html file is present. It appears that it is possible to retrieve a directory listing from the root of the Apache web server being tested. However, this could be...

CVSS: 5 | AI score: 6.3 | EPSS: 0.80789
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m., 224 views

http TRACE XSS attack

Debugging functions are enabled on the remote HTTP server. The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting...

CVSS: 5.8 | AI score: 0.6 | EPSS: 0.79871
Exploits: 1 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m., 163 views

MacOS X Finder reveals contents of Apache Web files

MacOS X creates a hidden file, '.FBCIndex' in each directory that has been viewed with the Finder. This file contains the content of the files present in the directory, giving an attacker information on the HTML tags, JavaScript, passwords, or any other sensitive word used inside those files...

CVSS: 7.5 | EPSS: 0.00527
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 52 views

Apache mod_proxy content-length buffer overflow

The remote web server appears to be running a version of Apache that is older than version 1.3.32. This version is vulnerable to a heap-based buffer overflow in proxy_util.c for mod_proxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary code on the...

CVSS: 10 | AI score: 0.7 | EPSS: 0.23714
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 26 views

Apache mod_rootme Backdoor

The remote system appears to be running the mod_rootme module, this module silently allows a user to gain a root shell access to the machine via HTTP requests. OpenVAS Vulnerability Test $Id: modrootmebackdoor.nasl 7175 2017-09-18 11:55:15Z cfischer $ Description: Apache mod_rootme Backdoor Authors...

AI score: 1.2
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 62 views

MacOS X Finder reveals contents of Apache Web directories

MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website. OpenVAS Vulnerability Test $Id: osXapachefinder.nasl 8023...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.00527
Exploits: 0 | References: 1