
52 matches found

Tenable Nessus
added 2017/07/27 12:0 a.m. | 51 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1961-1)

This update for apache2 fixes the following issues: Security issue fixed : - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. bsc#1048576 Bug fixes : - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.co...

CVSS 9.1 | AI score 7 | EPSS 0.5677
Exploits: 0 | References: 6

Apache Httpd
added 2017/07/12 12:0 a.m. | 73 views

Apache Httpd < 2.2.35-never : Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed")

When an unrecognized HTTP Method is given in a <Limit> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusu...

CVSS 7.5 | AI score 7.8 | EPSS 0.94999
Exploits: 9 | Affected Software: 1

seebug.org
added 2013/12/17 12:0 a.m. | 34 views

Juniper IDP ACM Web Server Cross-Site Scripting Vulnerability

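CVE ID: CVE-2013-6957 The Juniper IDP solution is an industry-leading solution that helps administrators detect, control and report on systems threatened by various spyware applications. Juniper IDP does not properly filter input submitted to the ACM web server, which allows remote attackers to carry out cross-site scripting attacks: a malicious URI can be constructed and a user lured into opening it, which can expose sensitive information or hijack the user's session. 0 Juniper IDP75 Juniper IDP250 Juniper IDP800 Juniper IDP8200 5.1 Vendor patch: Juniper ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...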

CVSS 4.3 | AI score 6.7 | EPSS 0.01773
Exploits: 1

Tenable Nessus
added 2012/09/04 12:0 a.m. | 33 views

FreeBSD : bugzilla -- multiple vulnerabilities (6ad18fe5-f469-11e1-920d-20cf30e32f6d)

A Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDA...

CVSS 5 | AI score 5.6 | EPSS 0.01741
Exploits: 0 | References: 5

FreeBSD
added 2012/08/30 12:0 a.m. | 35 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP...

CVSS 5 | AI score 6.4 | EPSS 0.01741
Exploits: 0 | References: 3

Oracle linux
added 2011/07/31 12:0 a.m. | 35 views

rgmanager security, bug fix, and enhancement update

2.0.52-21 - rgmanager: Fix bad passing of SFL_FAILURE up fixbadpassingofsflfailureup.patch Resolves: rhbz711521 2.0.52-20 - resource-agents: Improve LD_LIBRARY_PATH handling by SAP resourceagentsimproveldlibrarypathhandlingbysap.patch Resolves: rhbz710637 2.0.52-19 - Fix changelog format - rgmanager...

CVSS 6.9 | AI score 0.2 | EPSS 0.00417
Exploits: 1

seebug.org
added 2011/05/13 12:0 a.m. | 10 views

PHP <5.2.5 httpd.conf Protection Mechanism Bypass Security Vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

Packet Storm
added 2011/01/29 12:0 a.m. | 24 views

MultiCMS Local File Inclusion

=============================wwwdotWhiteponnydotcom============================= Date: 29/01/2011 Author: R3VANBASTARD Exploit Title: MultiCMS File Inclusion Vulnerability Vendor: http://www.multicms.net Status: FIXED Tested on: Windows 7 Dork: "Redakcní systém MultiCMS" Mail:...

AI score 7.4
Exploits: 0

Exploit DB
added 2011/01/29 12:0 a.m. | 19 views

MultiCMS - Local File Inclusion

Source: http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt =============================wwwdotWhiteponnydotcom============================= Date: 29/01/2011 Author: R3VANBASTARD Exploit Title: MultiCMS File Inclusion Vulnerability Vendor: http://www.multicms.net Status: FIXED Test...

AI score 7.4
Exploits: 0

Prion
added 2008/12/17 5:30 p.m. | 16 views

Unrestricted file upload

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file...

CVSS 7.5 | AI score 6.5 | EPSS 0.07314
Exploits: 1 | References: 13 | Affected Software: 1

UbuntuCve
added 2008/12/17 5:30 p.m. | 23 views

CVE-2008-5625

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file...

CVSS 7.5 | AI score 7.2 | EPSS 0.07314
Exploits: 1 | References: 4

seebug.org
added 2008/11/21 12:0 a.m. | 37 views

PHP 5.2.6 (error_log) safe_mode Bypass Vulnerability

No description provided by source. SecurityReason.com PHP 5.2.6 error_log safe_mode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.11.2008 - - Public: 20.11.2008 SecurityReason Research SecurityAlert Id: 57 CWE: CWE-264 SecurityRisk: Medium Affected Software...

AI score 7.1
Exploits: 0

UbuntuCve
added 2007/11/20 6:46 p.m. | 36 views

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

CVSS 6.9 | AI score 6 | EPSS 0.0034
Exploits: 0 | References: 2

Cvelist
added 2007/11/20 6:0 p.m. | 23 views

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

AI score 9 | EPSS 0.0034
Exploits: 0 | References: 10

F5 Networks
added 2007/05/16 12:0 a.m. | 17 views

SOL4207 - Buffer overflow in mod_include - CAN-2004-0940

The version of mod_include used in BIG-IP and 3-DNS versions prior to 4.5.12 and 4.6.3 is vulnerable, but it is not enabled by default and is not enabled by using any BIG-IP or 3-DNS features. To enable mod_include, you must modify the httpd.conf file and then install HTML pages that use mod_include...

AI score 3.6 | EPSS 0.0483
Exploits: 1

Tenable Nessus
added 2007/02/18 12:0 a.m. | 40 views

Mandrake Linux Security Advisory : php (MDKSA-2006:185)

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini Master Value defaults. CVE-2006-4625 A race condition in the symlink functi...

CVSS 6.2 | AI score 5.3 | EPSS 0.00908
Exploits: 3 | References: 2

NVD
added 2006/12/11 6:28 p.m. | 21 views

CVE-2006-6472

The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors...

CVSS 10 | AI score 6.6 | EPSS 0.01239
Exploits: 0 | References: 2

Cvelist
added 2006/12/11 6:0 p.m. | 19 views

CVE-2006-6472

The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors...

AI score 6.6 | EPSS 0.01239
Exploits: 0 | References: 2

CVE
added 2006/12/11 6:0 p.m. | 57 views

CVE-2006-6472

The CVE-2006-6472 entry relates to the httpd.conf configuration in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000, where port 443 is configured to be always active. This describes a configuration issue with unknown impact and rem...

CVSS 10 | AI score 7 | EPSS 0.01239
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2006/09/12 4:0 p.m. | 31 views

CVE-2006-4625

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini Master Value defaults...

AI score 6 | EPSS 0.00908
Exploits: 2 | References: 21