109 matches found
PHP-Fusion: source code security analysis report
Several vulnerabilities were discovered in PHP-Fusion 'PHP-Fusion' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Incorrect User Input Filtration when Using Regular Expressions while Calling the pregreplace Function Using Insufficiently...
IP.Gallery 4.2.x and 5.0.x Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: IP.Gallery 4.2.x and 5.0.x persistent XSS vulnerability image title is vulnerable to persistent XSS vulnerability which allow any normal member to hack any administrator account or any other member account. we contacted the vend...
openSUSE: Security Advisory for apache2 (openSUSE-SU-2012:0314-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. CVE-2009-0352, CVE-2009-0353 A flaw was found in the way malformed content was...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. CVE-2009-0352, CVE-2009-0353, CVE-2009-0356 Several flaws were found in the way malformed...
GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201206-25 Apache HTTP Server: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain...
Apache HTTP Server: Multiple vulnerabilities
Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker might obtain sensitive information, gain...
httpd: cookie exposure due to error responses
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
apache2: fixed various security bugs (important)
This update of apache2 fixes regressions and several security problems: bnc728876, fix graceful reload bnc741243, CVE-2012-0031: Fixed a scoreboard corruption shared mem segment by child causes crash of privileged parent invalid free during shutdown. bnc743743, CVE-2012-0053: Fixed an issue in...
RedHat Update for httpd RHSA-2012:0323-01
Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2012:0323-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
httpd: cookie exposure due to error responses
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
USN-1368-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. CVE-2011-3607 Prutha Parikh discovered that the modproxy module did not properly intera...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2012:0128 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...
httpd: cookie exposure due to error responses
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
Debian DSA-2405-1 : apache2 - multiple issues
Several vulnerabilities have been found in the Apache HTTPD Server : - CVE-2011-3607 : An integer overflow in appregsub could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. - CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 : The Apache HTTP Server di...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
Design/Logic Flaw
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...