5772 matches found
CVE-2006-5216
SHTTPD
httpd cross-site scripting flaw in mod_imap
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...
CVE-2006-5050
Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI...
CVE-2006-5050
CVE-2006-5050 affects BusyBox by its httpd component, enabling directory traversal through URL-encoded "%2e%2e/" sequences in the URI. The underlying issue is a path traversal vulnerability that could allow remote attackers to read arbitrary files. According to the NVD entry, this is a network-ac...
CentOS 3 / 4 : squirrelmail (CESA-2006:0668)
A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in...
RHEL 3 / 4 : squirrelmail (RHSA-2006:0668)
A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in...
[RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature?
rfdslabs security advisory Title: OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature? RLSA_02-2006 Versions: OSU/3.11alhpa, OSU/3.10a probably others Vendor: David Jones, Ohio State University http://www.ecr6.ohio-state.edu/www/doc/serverinfo.html Date: 18 May 2006...
Multiple OSU httpd security vulnerabilities
Physical path and directory content disclosure...
BusyBox 1.01 - HTTPd Directory Traversal
BusyBox 1.01 - HTTPd Directory Traversal source: https://www.securityfocus.com/bid/20067/info The httpd daemon of BusyBox is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary fil...
BusyBox 1.01 - HTTPd Directory Traversal
source: https://www.securityfocus.com/bid/20067/info The httpd daemon of BusyBox is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the...
RHEL 3 / 4 : httpd (RHSA-2006:0619)
Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for fre...
CGI Script Source Code Disclosure Vulnerability in Apache for Windows
ADVISORY NAME: CGI Script Source Code Disclosure Vulnerability in Apache for Windows VULNERABLE SYSTEMS: The vulnerability has been verified on Apache 2.2.2 running on Microsoft Windows XP, Version 2002, Service Pack 2. FOUND BY: Susam Pal FOUND ON: 8th August, 2007 VULNERABILITY TYPE: Informatio...
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd (SSA:2006-209-01)
New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with mod_rewrite. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...
Apache Httpd < 2.2.3 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
Apache Httpd < 1.3.37 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
Apache Httpd < 2.0.59 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
rocksmountdirty.txt
!/bin/sh rocksmountdirty.sh: Rocks release =4.1 local root exploit make sure 'mount-loop' is in your path for this to work. coded by: [email protected] http://xavsec.blogspot.com echo "Rocks Clusters =4.1 mount-loop local root exploit by [email protected] http://xavsec.blogspot.com" echo...
Rocks Clusters 4.1 - mount-loop Local Privilege Escalation
Rocks Clusters 4.1 - mount-loop Local Privilege Escalation !/bin/sh rocksmountdirty.sh: Rocks release =4.1 local root exploit make sure 'mount-loop' is in your path for this to work. coded by: [email protected] http://xavsec.blogspot.com echo "Rocks Clusters =4.1 mount-loop local root exploit b...