mod-gnutls 'gnutls_hooks.c' security bypass vulnerability
mod_gnutls is an extension to the GnuTLS library used by Apache for httpd to provide HTTPS. A security bypass vulnerability exists in mod-gnutls 'gnutls_hooks.c' that allows attackers to bypass certain security restrictions and perform unauthorized operations...
Amazon Linux AMI : httpd24 (ALAS-2015-483)
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access...
Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150210)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credential...
mini-httpd Information Disclosure Vulnerability
mini-httpd is a small HTTP server developed by ACME Labs that supports basic authentication, common MIME types and directory listings. A security vulnerability exists in mini_httpd version 1.21 and earlier. A remote attacker can exploit this vulnerability by sending HTTP requests with extra-long...
Scientific Linux Security Update : subversion on SL7.x x86_64 (20150210)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled...
CentOS 6 : subversion (CESA-2015:0165)
Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available f...
RHEL 6 : subversion (RHSA-2015:0165)
Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available f...
RedHat Update for subversion RHSA-2015:0165-01
The remote host is missing an update for the...
DEBIAN-CVE-2015-1548
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...
PT-2015-5344 · Acme +1 · Mini Httpd +1
Name of the Vulnerable Software and Affected Versions: mini httpd versions 1.21 and earlier Description: The issue allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string. This occurs because the long protocol string triggers an...
CVE-2015-1444
Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index.cgi, (3) log_syslog.cgi, (4) problems.cgi, (5)...
CVE-2015-1444
The CVE-2015-1444 entry describes multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend (httpd) of fli4l. Affected are versions before 3.10.1 and 4.0 before 2015-01-30, where the following admin scripts are vulnerable: conntrack.cgi, index.cgi, log_syslog.cgi, pro...
Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling
A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only...
Internet Bug Bounty: mod_lua: Crash in websockets PING handling
A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...
Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling
A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...
Windows-Light-HTTPD-0.1
Buffer overflow in Light HTTPd lhttpd 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. import urllib2 from time import sleep def targURL: while True: URL = rawinput"\n Please enter the URL of the Light HTTP server you would like to PWN. Ex. http://192.168.1.1\n\n...
Ultra-Mini-HTTPD-1.21---POST
Exploit Title: Ultra Mini HTTPD stack buffer overflow POST request Date: 16 Feb 2014 Exploit Author: Sumit Vendor Homepage: http://www.picolix.jp/ Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.21 Tested on: Windows XP Professional SP3 A buffer overflow is triggere...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi...
CVE-2011-5284
CVE-2011-5284 describes a Cross-site Request Forgery vulnerability in Smoothwall Express 3.1 and 3.0 SP3 and earlier, specifically in the web management interface’s httpd/cgi-bin/shutdown.cgi. The vulnerability allows an attacker to hijack an administrator’s authenticated session to perform reboo...
SmoothWall 3.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: SmoothWall 3.1 Multiple vulnerabilities Date: 21/12/2014 Author: Yann CAM @ Synetis Vendor or Software Link: www.smoothwall.org - www.smoothwall.org/download/ Version: 3.1 Category: CSRF password reset & XSS persistent Google dork: Tested on: Smoothwall Linux distribution Smoothwal...