52 matches found
CVE-2006-4625
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini Master Value defaults...
Zeroboard File Upload & extension bypass Vulnerability
Zeroboard File Upload & extension bypass Vulnerability Author : Choi Min-sung mins at wins21.com Product : Zeroboard http://www.nzeo.com Vendor-Patches : Unpatched Impact : remote code execution Summary ======= Basically, the PHP, HTML, and CGI files are prohibited to upload in Zeroboard. But...
CVE-2005-3630
Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives...
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload a short explanation: if a user can call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious content on a target server, including arbitrary php code, and launch...
PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users ca...
MacOS X Finder reveals contents of Apache Web directories
MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website. OpenVAS Vulnerability Test $Id: osXapachefinder.nasl 8023...
Oracle 9iAS Dynamic Monitoring Services
In a default installation of Oracle 9iAS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted. OpenVAS Vulnerability Test $Id: oracle9iapachedms.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS Dynamic Monitoring...
PHP.EXE / Apache HTTP Server Win32 Arbitrary File Reading Vulnerability - Active Check
A configuration vulnerability exists for PHP.EXE cgi running on Apache HTTP Server for Win32 platforms. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
CVE-2002-1635
The CVE-2002-1635 entry concerns Oracle 9i Application Server (9iAS) where the Apache httpd.conf uses a Location alias for /perl instead of a ScriptAlias. This misconfiguration enables a remote attacker to read the source code of arbitrary CGI files via a URL that targets /perl rather than /cgi-b...
SUSE-SA:2004:032: apache2
The remote host is missing the patch for the advisory SUSE-SA:2004:032 apache2. The Apache daemon is running on most of the web-servers used in the Internet today. The Red Hat ASF Security-Team and the Swedish IT Incident Center within the National Post and Telecom Agency SITIC have found a bug i...
Apache mod_ssl 2.0.x - Remote Denial of Service
source: https://www.securityfocus.com/bid/11154/info Apache 2.x mod_ssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the 'char_buffer_read' function of the...