443 matches found
CVE-2004-0923
CUPS 1.1.20 and earlier records authentication information for a device URI in the errorlog file, which allows local users to obtain user names and passwords...
security flaw
CUPS 1.1.20 and earlier records authentication information for a device URI in the errorlog file, which allows local users to obtain user names and passwords...
Mandrake Linux Security Advisory : cups (MDKSA-2004:116)
Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte ...
CVE-2003-0020
CVE-2003-0020 concerns Apache HTTP Server: the product does not filter terminal escape sequences from error logs, enabling potential insertion of escape sequences into terminal emulators vulnerable to such sequences. Connected documents show multiple related CVEs affecting different Apache branch...
PHP 3.0.x < 3.0.17 / 4.0.x < 4.0.3 Error Log Command Injection
Binary data 1480.prm...
Apache < 1.3.31 / 2.0.49 Error Log Escape Sequence Injection
Binary data 1221.prm...
Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)
Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its...
GLSA200403-04 Multiple security vulnerabilities in Apache 2
Gentoo Linux Security Advisory GLSA 200403-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
Multiple security vulnerabilities in Apache 2
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description Thre...
Moderate: Red Hat Security Advisory: apache security update
Updated Apache and modssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in modssl which can...
Moderate: Red Hat Security Advisory: : Updated Apache and mod_ssl packages fix security vulnerabilities
Updated Apache and modssl packages that fix several minor security issues are now available for Red Hat Linux 7.1, 7.2, and 7.3. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in modssl whi...
CVE-2003-0521
Cross-site scripting XSS vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the 1 Error Log or 2 Latest Visitors screens...
CVE-2003-0521
CVE-2003-0521 is a documented XSS vulnerability in cPanel 6.4.2 where a URL containing script is logged and displayed in the Error Log or Latest Visitors screens, enabling remote attackers to inject arbitrary HTML and potentially gain privileges. The CVSS vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) yield...
Low: Red Hat Security Advisory: apache security update for Stronghold
Updated Apache packages are available which fix a security issue by preventing control characters from being written to the error log. The updated packages also include a minor bug fix for modproxy. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. T...
CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Important: Red Hat Security Advisory: apache, openssl, php, tomcat security update for Stronghold
Updated versions of Stronghold 4 cross-platform are available to fix a number of vulnerabilities in OpenSSL, Apache, PHP, and Tomcat. Also included in this update are bug fixes for modproxy and the modauthzldap package. Stronghold 4 cross platform contains a number of open source technologies suc...
Security fix for the ALT Linux 9 package apache2 version 2.0.40-21
Feb. 24, 2003 Joe Orton &[email protected] 2.0.40-21 - add security fix for CAN-2003-0020; replace non-printable characters with '!' when printing to error log. - disable debuginfo on IA64...
CVE-2002-1154
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service disk consumption by using the command to report updates more frequently and fill the web server error log...
Apache Httpd < 2.0.36 : Warning messages could be displayed to users
In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...