SOL17317 - Apache HTTP server vulnerability CVE-2015-0253
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation...
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...
CVE-2015-0253
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation...
Null pointer dereference
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation...
CVE-2015-0253
CVE-2015-0253 affects the Apache HTTP Server 2.4.12. The vulnerability arises in the read_request_line function within server/protocol.c, where the protocol structure member is not initialized. This can enable a remote attacker to trigger a denial-of-service via a NULL pointer dereference and cra...
Apache ErrorDocument 400 Points to Denial of Service Vulnerability
Apache is an open source HTTPD service program. A security vulnerability exists in Apache that allows a remote user to crash an application via ErrorDocument 400 pointing to a local URL path containing an active INCLUDES filter, resulting in a denial-of-service attack...
apache: multiple issues
CVE-2015-0228 denial of service: mod_lua: A maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash. - CVE-2015-0253 denial of service: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in...
DEBIAN-CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-1518
SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter...
SQL injection
SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter...
UBUNTU-CVE-2015-1431
Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...
Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling
A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only...
Path traversal
The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) showimage.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7)...
Multiple SQL Injection Vulnerabilities in Redaxscript 'includes/password.php'
RedAxScript is a free content management system. Multiple SQL injection vulnerabilities exist in Redaxscript version 0.3.2 includes/password.php. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands by passing the id or password parameter to the passwordreset program...
FreeBSD : wordpress -- multiple vulnerabilities (5e135178-8aeb-11e4-801f-0022156e8794)
MITRE reports: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5,...
Design/Logic Flaw
The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives...
CVE-2014-7260
The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives...
JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution
i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97). Impact: An arbitrary command may be execute...