Mandriva Linux Security Advisory : apache (MDVSA-2014:142)
Updated apache package fixes security vulnerabilities : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a...
Debian DSA-2989-1 : apache2 - security update
Several security issues were found in the Apache HTTP server. - CVE-2014-0118 The DEFLATE input filter (request body decompression) in mod_deflate allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. - CVE-2014-0226 ...
[SECURITY] [DSA 2989-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2989-1 [email protected] http://www.debian.org/security/ Stefan Fritsch July 24, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2989-1 (apache2 - security update)
Several security issues were found in the Apache HTTP server. CVE-2014-0118 The DEFLATE input filter (request body decompression) in mod_deflate allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. CVE-2014-0226 A ra...
DSA-2989-1 apache2 - security update
Bulletin has no description...
Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20140723)
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd chi...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2014:0921 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,...
Zeus Web Server 3.x Null Terminated Strings Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/977/info Appending %00 to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option allow CGIs anywhere is enabled. Scripts located in directories which are...
Apache suEXEC Privilege Elevation / Information Disclosure
No description provided by source. Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI ...
Computer Software Manufaktur Alibaba 2.0 Piped Command Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine...
BizDesign ImageFolio 2.x/3.0.1 nph-build.cgi XSS
No description provided by source. source: http://www.securityfocus.com/bid/6265/info Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio. As a result, it ...
CNC Technology BizDB 1.0 bizdb-search.cgi Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1104/info BizDB is a web database integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at th...
BizDesign ImageFolio 2.x/3.0.1 imageFolio.cgi direct Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/6265/info Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio. As a result, it ...
D-Link WBR-1310 Authentication Bypass Vulnerability
No description provided by source. Exploit Title: D-Link WBR-1310 Authentication Bypass Vulnerability Shodan Dork: Embedded HTTP Server 2.00 Date: 22-Dec-2010 Author: Craig Heffner, /dev/ttyS0 Software Link: http://www.dlink.com/products/?pid=474 Version: 2.00 Tested on: WBR-1301, firmware versio...
Power Up HTML 0.8033 beta Directory Traversal Arbitrary File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI scripts. A vulnerability exists in Power Up HT...
Python CGIHTTPServer - Encoded Directory Traversal
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...
Python CGIHTTPServer File Disclosure / Code Execution
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...
Apache Httpd < 2.4.10 : mod_cgid denial of service
A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service...
SuSE 11.3 Security Update : nagios (SAT Patch Number 9071)
The monitoring service Nagios has been updated to fix potential buffer overflows in its CGI scripts. CVE-2014-1878 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyrig...