Apache 2.4.7 mod_status - Scoreboard Handling Race Condition

Apache 2.4.7 modstatus - Scoreboard Handling Race Condition -- 0. Sparse summary Race condition between updating httpd's "scoreboard" and modstatus, leading to several critical scenarios like heap buffer overflow with user supplied payload and leaking heap which can leak critical memory containin...

Apache 2.4.7 mod_status - Scoreboard Handling Race Condition

-- 0. Sparse summary Race condition between updating httpd's "scoreboard" and modstatus, leading to several critical scenarios like heap buffer overflow with user supplied payload and leaking heap which can leak critical memory containing htaccess credentials, ssl certificates private keys and so...

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.30-i486-1slack14.1.txz: Upgraded. This update fixes bugs and security issues. For more information, see:...

RHEL 5 / 6 : JBoss EAP (RHSA-2014:0826)

Updated httpd packages that fix two security issues are now available for Red Hat JBoss Enterprise Application Platform 6.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2 httpd security update

An update for the Apache HTTP Server packages for Red Hat JBoss Enterprise Application Platform 6.2 that fixes two security issues are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2 httpd security update

Updated httpd packages that fix two security issues are now available for Red Hat JBoss Enterprise Application Platform 6.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...

Surfboard httpd 1.1.9 - Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9299/info It has been reported that Surfboard httpd is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The issue presents...

AN HTTPD 1.42 Arbitrary Log Content Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs may result in...

AWStats 5.7 - 6.2 - Multiple Remote Exploit

No description provided by source. / AWStats v5.7 - v6.2 sileAWSxpl This exploit utilize three methods for exploiter the vulnerability found on AWStats software. an user can execute remote code on vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by:...

Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow

No description provided by source. Exploit Title: Ultra Mini HTTPD stack buffer overflow POST request Date: 16 Feb 2014 Exploit Author: Sumit Vendor Homepage: http://www.picolix.jp/ Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.21 Tested on: Windows XP Professiona...

AN HTTPD 1.x Count.pl Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7397/info AN HTTPd contains a sample script named count.pl that may be used as a web counter. This script does not perform adequate access validation on paths containing directory traversal ../ character seqences. The...

AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13066/info AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment variables into a...

CodeBlue 5.1 SMTP Response Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5300/info CodeBlue is an Apache httpd log scanning utility that attempts to contact the administrators of hosts infected with worms. A buffer overflow vulnerability has been reported in CodeBlue. The condition occurs when...

textcounter.pl 1.2 Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2265/info textcounter.pl is distributed through Matt's Scripts archive, and provides added features to httpd servers such as counters, guestbooks, and http cookie management. Due to insufficient checking of entered...

D-Link DWL-G700AP 2.00/2.01 HTTPD Denial of Service Vulnerability

D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. An attacker can exploit this issue to crash the affected webserver, effectively denying service to legitimate users. The affected...

Ultra Mini HTTPD 1.21 - Stack Buffer Overflow

No description provided by source. Exploit Title: Ultra Mini HTTPD stack buffer overflow Date: 10 July 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://www.picolix.jp/ Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.21 Tested on...

Rosiello Security Sphiro HTTPD 0.1 B Remote Heap Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10249/info It has been reported that Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer boundaries before storing input ...

Aprox CMS Engine 5 (1.0.4) - Local File Inclusion Vulnerability

No description provided by source. 01010111 01001001 01010010 01000101 01000100 01010011 - 01000101 01000011 01010101 01010010 01001001 01010100 - 01011001 ADVISORY: APROX CMS ENGINE V5.1.0.4 LOCAL FILE INCLUSION LFI || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION |...

Mephistoles HTTPD 0.6 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9470/info Mephistoles 'httpd' daemon fails to sanitize user-supplied input, making it vulnerable to cross-site scripting attacks. This vulnerability allows an attacker to construct a malicious link containing HTML or scri...

AN-HTTPd 1.2 b CGI Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data...