5772 matches found
Apache HTTPD suEXEC本地特权提升漏洞
Apache HTTP server是一款流行的WEB服务程序。 Apache HTTP server包含的suexec应用程序存在设计问题,本地攻击者可以利用漏洞提升特权。 问题一是路径检查竞争条件漏洞 在获得当前目录和更改目录中存在竞争条件问题。另一个存在于更改目录和检查目录是否为链接也存在竞争条件问题。目录结构在这些操作中更换,会导致可以在攻击者选择的任意目录中执行lstat。通过使用符号链接或重命名父目录来利用。第三个竞争条件存在于最后符号链接检查和执行目标两进制程序中。 问题二是路径检查错误 suexec工具使用strncmp检查是否当前目录是DOCU...
CVE-2007-1743
CVE-2007-1743 affects Apache HTTP Server (httpd) with the suexec module. The issue is that suexec (in httpd 2.2.3) does not verify combinations of user and group IDs on the command line, which might allow a local user to leverage other vulnerabilities to create arbitrary UID/GID–owned files if /p...
iDefense Security Advisory 04.11.07: Apache HTTPD suEXEC Multiple Vulnerabilities
Apache HTTPD suEXEC Multiple Vulnerabilities iDefense Security Advisory 04.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 11, 2007 I. BACKGROUND The suexec binary is a helper application which is part of the Apache HTTP server package. It is designed to allow a script to run wit...
RHEL 3 / 4 : squirrelmail (RHSA-2007:0022)
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3 and 4. SquirrelMail is a standards-based webmail package written in PHP. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML...
CentOS 3 / 4 : squirrelmail (CESA-2007:0022)
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3 and 4. SquirrelMail is a standards-based webmail package written in PHP. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML...
squirrelmail security update
CentOS Errata and Security Advisory CESA-2007:0022 A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3 and 4. SquirrelMail is a standards-based webmail package written in PHP. Several cross-site scripting bugs were discovered in SquirrelMail. An...
Moderate: Red Hat Security Advisory: squirrelmail security update
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3 and 4. SquirrelMail is a standards-based webmail package written in PHP. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML...
Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)
This update fixes a security issue in the modrewrite module. Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the modrewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out o...
Apache Httpd < 2.2.6 : mod_proxy crash
A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...
Low: Red Hat Security Advisory: mod_auth_kerb security update
Updated modauthkerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. modauthkerb is module for the Apache HTTP Server designed to...
MattWrighttextcounter.pl远程执行命令漏洞
textcounter.pl是一个由Matt Wright编写的基于Web的记数器脚本,使用比较广泛。 某些早期版本的textcounter.pl脚本实现上存在输入验证漏洞,远程攻击者可以利用此漏洞以httpd进程的权限在主机上执行任意系统命令。问题在于程序脚本没有过滤用户输入中包含的一些特殊字符,远程攻击者可以向$DOCUMENTURI环境变量注入指定的值,脚本在处理的时候就会以Web守护程序的权限(root或nobody)在主机上执行攻击者指定的任意命令。 Matt Wright TextCounter1.2...
Moderate httpd security update
2.0.52-28.1 - changed index.html to oracleindex.html 2.0.52-28.ent - add security fix for Expect header XSS CVE-2006-3918, 200732...
Apache mod_tcl module contains a format string error
Overview A format string vulnerability exists in the modtcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...
Apache Httpd < 2.0.61 : mod_status cross-site scripting
A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 2.2.6 : mod_status cross-site scripting
A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 1.3.39 : mod_status cross-site scripting
A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Debian DSA-935-1 : libapache2-mod-auth-pgsql - format string vulnerability
iDEFENSE reports that a format string vulnerability in modauthpgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Apache Win32 Chunked Encoding
This module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apach...
CVE-2006-5216
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD shttpd 1.34 allows remote attackers to execute arbitrary code via a long URI...
CVE-2006-5216
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD shttpd 1.34 allows remote attackers to execute arbitrary code via a long URI...