85 matches found
BSA-2017-501
Security Advisory ID : BSA-2017-501 Component : Apache HTTPD Revision : 2.0: Final In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to modauthdigest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...
DEBIAN-CVE-2012-2760
modauthopenid before 0.7 for Apache uses world-readable permissions for /tmp/modauthopenid.db, which allows local users to obtain session ids...
DEBIAN-CVE-2011-2688
SQL injection vulnerability in mysql/mysql-auth.pl in the modauthnzexternal module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field...
mod_auth_mysql: character encoding SQL injection flaw
SQL injection vulnerability in modauthmysql.c in the mod-auth-mysql aka libapache2-mod-auth-mysql module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ backslash as part of the character encoding, allows remote attackers to execute arbitrary SQL...
DEBIAN-CVE-2007-3946
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...