SUSE CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

[SECURITY] Fedora 36 Update: php-8.1.14-1.fc36

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

VulnCheck KEV: CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

[SECURITY] Fedora 36 Update: php-8.1.12-1.fc36

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Fedora: Security Advisory for php (FEDORA-2022-f2a5082860)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: php-8.0.24-1.fc35

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 Path traversal and file disclosure vulnerabilit...

GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-20 Apache HTTPD: Multiple Vulnerabilities - A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP...

[SECURITY] Fedora 36 Update: php-8.1.7-1.fc36

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2021-46418

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

Design/Logic Flaw

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

CVE-2021-46418

Telesquare TLR-2855KS6 is affected by CVE-2021-46418. The Nuclei template documents an unauthenticated vulnerability where an HTTP PUT request can create arbitrary files, including CGI scripts, on the device. Impact is described as potentially enabling remote code execution via file creation. Aff...

CVE-2021-46418

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

Telesquare TLR-2855KS6 安全漏洞

The Telesquare TLR-2855KS6 is an LTE router from Telesquare Korea. A security vulnerability exists in the Telesquare TLR-2855KS6 that stems from an unauthorized file creation vulnerability via the PUT method that could allow the creation of CGI scripts...

Mageia: Security Advisory (MGASA-2017-0203)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 35 Update: php-8.0.13-1.fc35

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier...

[SECURITY] Fedora 33 Update: php-7.4.25-1.fc33

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...