
5773 matches found

CVE
added 2014/12/12 12:0 a.m. | 52 views

CVE-2014-7262

CVE-2014-7262 is a stored cross-site scripting (XSS) flaw in the Omake BBS component of the i-HTTPD web server. The flaw arises from improper processing of input character strings, enabling remote attackers to inject arbitrary script/HTML via crafted input (CWE-79). Impact is that an arbitrary sc...

CVSS 4.3 | AI score 5.8 | EPSS 0.01773
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2014/12/12 12:0 a.m. | 45 views

CVE-2014-7260

CVE-2014-7260 affects ULTRAPOP.JP i-HTTPD's File Upload BBS, where the Server Side Includes (SSI) implementation processes directives in uploaded files. The root cause is SSI handling that allows remote attackers to execute arbitrary commands by uploading crafted files containing SSI directives. ...

CVSS 7.5 | AI score 7.8 | EPSS 0.02103
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2014/12/12 12:0 a.m. | 40 views

CVE-2014-7261

CVE-2014-7261 affects i-HTTPD (Windows) via a flaw in processing the HTTP header that can lead to cross-site scripting (CWE-79). The connected JVN entry explicitly documents an XSS in the HTTP header handling and notes that this vulnerability is distinct from CVE-2014-7263 (directory-index render...

CVSS 4.3 | AI score 5.6 | EPSS 0.01148
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2014/12/09 6:7 p.m. | 7 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

CVSS 5 | AI score 6.6 | EPSS 0.60205
Exploits: 2 | References: 4

Japan Vulnerability Notes
added 2014/12/09 12:0 a.m. | 37 views

JVN#89613370: i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to cross-site scripting (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use i-HTTPD. i-HTTPD is no longer being developed or maintained...

CVSS 4.3 | AI score 5.8 | EPSS 0.01148
Exploits: 0

Japan Vulnerability Notes
added 2014/12/09 12:0 a.m. | 26 views

JVN#98097877: "Omake BBS" of i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character strings, which may result in a stored cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use...

CVSS 4.3 | AI score 5.8 | EPSS 0.01773
Exploits: 0

Japan Vulnerability Notes
added 2014/12/09 12:0 a.m. | 32 views

JVN#87910097: i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing the HTTP header, which may lead to cross-site scripting (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use i-HTTPD. i-HTTPD is no longer being developed or maintained. It is...

CVSS 4.3 | AI score 5.9 | EPSS 0.01502
Exploits: 0

Japan Vulnerability Notes
added 2014/12/09 12:0 a.m. | 36 views

JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution

i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97). Impact: An arbitrary command may be execute...

CVSS 7.5 | AI score 6.8 | EPSS 0.02103
Exploits: 0

NVD
added 2014/12/08 4:59 p.m. | 15 views

CVE-2014-9350

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm...

CVSS 5 | AI score 6.6 | EPSS 0.07172
Exploits: 1 | References: 5

Cvelist
added 2014/12/08 4:0 p.m. | 24 views

CVE-2014-9350

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm...

AI score 6.6 | EPSS 0.07172
Exploits: 1 | References: 5

exploitpack
added 2014/11/24 12:0 a.m. | 30 views

TP-Link TL-WR740N - Denial of Service

TP-Link TL-WR740N - Denial of Service TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.17.0 Build 140520 Rel.75075n Released: 5/20/2014 - Firmware version: 3.16.6...

AI score 7.3
Exploits: 0

Exploit DB
added 2014/11/24 12:0 a.m. | 51 views

TP-Link TL-WR740N - Denial of Service

TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.17.0 Build 140520 Rel.75075n Released: 5/20/2014 - Firmware version: 3.16.6 Build 130529 Rel.47286n Released:...

AI score 7.4
Exploits: 0

Packet Storm
added 2014/11/23 12:0 a.m. | 42 views

TP-Link TL-WR740N Denial Of Service

TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.17.0 Build 140520 Rel.75075n Released: 5/20/2014 - Firmware version: 3.16.6 Build 130529 Rel.47286n Released:...

AI score 7.4
Exploits: 0

0day.today
added 2014/11/22 12:0 a.m. | 50 views

TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service

Exploit for hardware platform in category dos / poc TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.17.0 Build 140520 Rel.75075n Released: 5/20/2014 - Firmware...

AI score 7
Exploits: 0

Zero Science Lab
added 2014/11/22 12:0 a.m. | 185 views

TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service

Summary: The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless N Router is 802.11b&g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price...

CVSS 5 | AI score 5.7 | EPSS 0.07172
Exploits: 1

Tenable Nessus
added 2014/11/17 12:0 a.m. | 33 views

RHEL 5 : php53 (RHSA-2013:1062)

Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 6.8 | AI score 8.6 | EPSS 0.05186
Exploits: 0 | References: 3

Check Point Advisories
added 2014/11/12 12:0 a.m. | 4 views

Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)

A denial of service vulnerability has been identified in Apache httpd. The vulnerability is due to an error while processing crafted HTTP requests by mod_proxy_ajp when used with mod_proxy_balancer. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP...

CVSS 4.3 | AI score 1.6 | EPSS 0.2238
Exploits: 3

Tenable Nessus
added 2014/11/10 12:0 a.m. | 41 views

Scientific Linux Security Update : php on SL5.x i386/x86_64 (20141106)

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buff...

CVSS 7.5 | AI score 8.5 | EPSS 0.28862
Exploits: 3 | References: 4

Apache Httpd
added 2014/11/09 12:0 a.m. | 63 views

Apache Httpd < 2.4.12 : mod_lua multiple "Require" directive handling is broken

Fix handling of the Require line in mod_lua when a LuaAuthzProvider is used in multiple Require directives with different arguments. This could lead to different authentication rules than expected...

CVSS 4.3 | AI score 6.9 | EPSS 0.22016
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2014/11/08 12:0 a.m. | 41 views

RHEL 5 / 6 : httpd (RHSA-2012:0542)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0542 advisory. The Apache HTTP Server (httpd) is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server di...

CVSS 7.8 | AI score 8.5 | EPSS 0.98945
Exploits: 39 | References: 17