13 matches found
Denial Of Service (DoS)
Red Hat JBoss Web Server is vulnerable to denial of service. A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled, a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie...
Amazon Linux AMI : httpd (ALAS-2014-331)
It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would...
httpd: mod_log_config does not properly handle logging certain cookies resulting in DoS
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 httpd security and bug fix update
An update for the Apache HTTP Server component of Red Hat JBoss Web Server 2.0.1 that fixes two security issues and one bug is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 5 and 6, Solaris, and Microsoft Windows. The Red Hat Security Response Team has rated this...
Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20140403)
It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would...
FreeBSD : apache -- several vulnerabilities (91ecb546-b1e6-11e3-980f-20cf30e32f6d)
Apache HTTP SERVER PROJECT reports: Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential...
Apache Update Resolves Security Vulnerabilities
Apache has released version 2.4.9 of its ubiquitous HTTP web server HTTPD, resolving two security vulnerabilities and a number of other bugs in the process. The Apache Software Foundation is recommending HTTPD 2.4.9 over all previous versions. The first patch fixes CVE-2014-0098. It aims to...
apache -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential...
Sandcat Browser 2.0 Released - Penetration Testing Oriented Browser
Sandcat Browser 2.0 Released, Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the...
American Bankers Association Cross Site Scripting
| Title : American Bankers Associationaba.com XSS | Author : Codeine | Email : f3codeineatyahoodotcom | Site : http://infosecforums.com/ | Date : 08/09/2011 | Cat : PHPXSS | URL : http://aba.com/ American Bankers Association uses a search script provided by "xSynthesis Search". After checking no...
Billwerx RC 3.1 XSS / SQL Injection
Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context of the admin's browser. If the user...
Billwerx RC v3.1 Multiple Vulnerabilities
No description provided by source. Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context o...
vBulletin XSS Injection Vulnerability
vBulletin XSS Injection Vulnerability vBulletin is a powerful and widely used bulletin board system, based on PHP language and MySQL database. I discovered lately a Cross-Site Scripting issue that would allow attackers to inject maleficent codes into the pages and execute it on the clients...