CVE-2014-8108

The moddavsvn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...

Null pointer dereference

The moddavsvn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a REPORT request for a resource that does not exist...

CVE-2014-8108

The CVE-2014-8108 issue affects the Apache Subversion mod_dav_svn module. According to connected docs, Subversion 1.7.x is vulnerable before 1.7.19 and 1.8.x is vulnerable before 1.8.11, where a remote attacker can trigger a NULL pointer dereference by requesting a URI that causes a lookup for a ...

CVE-2014-3580

The moddavsvn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a REPORT request for a resource that does not exist...

CVE-2014-3580

CVE-2014-3580 affects the mod_dav_svn component of Apache Subversion (1.x) prior to 1.7.19 and 1.8.x prior to 1.8.11. A remote attacker can trigger a NULL pointer dereference via a REPORT request for a non-existent resource , causing a denial of service and server crash. Connected sources documen...

CVE-2014-8108

The moddavsvn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...

CVE-2014-8108

The moddavsvn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...

UBUNTU-CVE-2014-3580

The moddavsvn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a REPORT request for a resource that does not exist...

FreeBSD : subversion -- DoS vulnerabilities (f5561ade-846c-11e4-b7a7-20cf30e32f6d)

Subversion Project reports : Subversion's moddavsvn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's moddavsvn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We...

subversion -- DoS vulnerabilities

Subversion Project reports: Subversion's moddavsvn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's moddavsvn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We...

CVE-2014-7262

Cross-site scripting XSS vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string...

Cross site scripting

Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than CVE-2014-7263...

Cross site scripting

Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...

Cross site scripting

Cross-site scripting XSS vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string...

CVE-2014-7260

The Server Side Includes SSI implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives...

CVE-2014-7260

The Server Side Includes SSI implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives...

CVE-2014-7262

Cross-site scripting XSS vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string...

CVE-2014-7263

Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...

CVE-2014-7263

CVE-2014-7263 : i-HTTPD (Windows) contains a flaw in processing HTTP headers that enables cross‑site scripting via a crafted header. The vulnerability allows a remote attacker to induce arbitrary script execution in a user’s browser. The JVN entry notes this is a separate issue from CVE-2014-7261...

CVE-2014-7260

CVE-2014-7260 affects ULTRAPOP.JP i-HTTPD's File Upload BBS, where the Server Side Includes (SSI) implementation processes directives in uploaded files. The root cause is SSI handling that allows remote attackers to execute arbitrary commands by uploading crafted files containing SSI directives. ...