8064 matches found
Debian DSA-839-1 : apachetop - insecure temporary file
Eric Romang discovered an insecurely created temporary file in apachetop, a realtime monitoring tool for the Apache webserver, that could be exploited with a symlink attack to overwrite arbitrary files with the user id that runs apachetop. The...
DSA-844-1 mod-auth-shadow - programming error
Bulletin has no description...
lucid_cms_1011_expl.txt
Lucid CMS 1.0.11a remote commands execution. Lucid CMS V 1.0.11a (possibly prior versions) remote commands execution, a script by rgod at http://rgod.altervi...
DSA-839-1 apachetop - insecure temporary file
Bulletin has no description...
PHP-Fusion 6.00.109 (msg_send) SQL Injection Exploit
No description provided by source. php if magicquotes off - SQL Injection, poc: http://target/pathtoPhpFusion/messages.php?msgsend=' UNION SELECT userpassword FROM fusionusers WHERE username='adminusername'/ inserted the above for a better description /str0ke 19.17 28/09/2005 -- PhpF600109xpl.php...
phpMyFAQ <= 1.5.1 (User-Agent) Remote Shell Injection Exploit
Exploit for unknown platform in category web applications. phpMyFAQ <= 1.5.1 User-Agent Remote Shell Injection Exploit. ?php 17.34 22/09/2005 phpmyfaqxpl.php PhpMyFaq 1.5.1...
mylittle15_16b.txt
My Little Forum 1.5 / 1.6beta SQL Injection software: site: http://www.mylittlehomepage.net/mylittleforum software: "A simple web-forum that supports classical thread view message tree as well as messagebord view to display the messages. Requires PHP 4.1 and a MySQL database." 1 look at the...
My Little Forum <= 1.5 (searchstring) SQL Injection Exploit
No description provided by source. ?php mlfexpl.php My Little Forum 1.5 possibly prior versions SQL Injection / MD5 password hash disclosure poc exploit with proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script:...
Apache, mod_ssl: Multiple vulnerabilities
Background: The Apache HTTP server is one of the most popular web servers on the Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description: mod_ssl contains a security issue when "SSLVerifyClient optional" is configured in the global virtual...
CuteNews <= 1.4.0 (shell inject) Remote Command Execution Exploit
No description provided by source. ?php cutenxpl.php CuteNews 1.4.0 (possibly prior versions) remote code execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with this script:...
CuteNews 1.4.0 - Shell Injection / Remote Command Execution
?php cutenxpl.php CuteNews 1.4.0 (possibly prior versions) remote code execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on registerglobals...
RHEL 2.1 : mod_ssl (RHSA-2005:773)
An updated mod_ssl package for Apache that corrects a security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and...
Important: Red Hat Security Advisory: mod_ssl security update
An updated mod_ssl package for Apache that corrects a security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and...
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
Debian Security Advisory DSA 807-1 http://www.debian.org/security/ Martin Schulze September 12th, 2005 http://www.debian.org/security/faq -...
Debian DSA-803-1 : apache - programming error
A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the bod...
RHEL 4 : pcre (RHSA-2005:761)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:761 advisory. PCRE is a Perl-compatible regular expression library. An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expressio...
Debian DSA-805-1 : apache2 - several vulnerabilities
Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-1268: Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL)...
DSA-807-1 libapache-mod-ssl - acl restriction bypass
Bulletin has no description...
mod_ssl fails to properly enforce client certificates authentication
Overview: mod_ssl, the Apache web server module for Secure Socket Layer (SSL) communications, may not properly authenticate client certificates. Description: mod_ssl provides Secure Socket Layer (SSL) communications for the Apache web server. SSL is designed to provide the ability to encrypt and...