Oracle Jserv Executes outside of doc_root

Detects Vulnerability in the execution of JSPs outside docroot. SPDX-FileCopyrightText: 2002 Michael Scheidell Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache Subversion Information Disclosure Vulnerability (Nov 2005)

A flaw exists in the Apache module modauthzsvn, which fails to properly restrict access to metadata within unreadable paths. Copyright C 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Apache Tomcat '/servlet' XSS Vulnerability - Active Check

Apache Tomcat is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

Apache HTTP Server 'mod_ssl' Hook Functions Format String Vulnerability

The remote host is using a version vulnerable of modssl which is older than 2.8.19. There is a format string condition in the log functions of the remote module which may allow an attacker to execute arbitrary code on the remote host. SPDX-FileCopyrightText: 2004 David Maciejak Some text...

CuteNews 1.4.1 - Shell Injection / Remote Command Execution

CuteNews 1.4.1 remote commands execution !-- body,td,th color: 00FF00; body backg...

CuteNews <= 1.4.1 (shell inject) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================================= CuteNews CuteNews 1.4.1 re...

Apache Remote Command Execution via .bat files

The Apache 2.0.x Win32 installation is shipped with a default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute commands on the Apache server although it is reported that any .bat file could open this vulnerability. An attacker can send a pipe character with commands appended as...

Tomcat 4.x JSP Source Exposure - Active Check

Tomcat 4.0.4 and 4.1.10 probably all other earlier versions also are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet. SPDX-FileCopyrightText: 2002 Felix Huber Some text descriptions might be excerpted from a referenced sources, and are...

Mandrake Linux Security Advisory : apache-mod_auth_shadow (MDKSA-2005:200)

The modauthshadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security...

CVE-2005-3392

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safemode and openbasedir directives...

Apache Httpd < 2.0.58 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

Web Server / Application favicon.ico Vendor Fingerprinting

The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to fingerprint the web server. This script was written by Javier Fernandez-Sanguino based on sample code written by Renaud Deraison in the nessus-plugins mailing list It is distributed under th...

CVE-2005-3319

The apache2handler SAPI sapiapache2.c in the Apache module modphp for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service segmentation fault via the session.savepath option in a .htaccess file or VirtualHost...

CVE-2005-3319

The CVE-2005-3319 description applies to PHP 5.x before 5.1.0 final and PHP 4.4 before 4.4.1 final, specifically via the apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php). It allows a denial of service (segmentation fault) by manipulating the session.save_path option in a .htacc...

phpnuke78sql.txt

PHPNuke 7.8 with all security fixes/patches "Downloads", "WebLinks" & "YourAccount" SQL INjection - remote commands execution poc exploit there are a lot of unsanitized vars in every module, as I can see, so if magicquotesgpc is Off - SQL INJECTION 1 you can go to "Your Account" and submit a...

CVE-2005-2970

Memory leak in the worker MPM worker.c for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections...

CVE-2005-2970

Memory leak in the worker MPM worker.c for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections...

CVE-2005-2970

Memory leak in the worker MPM worker.c for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections...

CVE-2005-2970

Memory leak in the worker MPM worker.c for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections...

PHP Apache configuration files DoS

Server crashes on invalid .htaccess 'phpvalue session.savepath' value...