27 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in modsecurity-apache

ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS, and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which can lead to various issues depending on the HTTP scenario. For example, we have demonstrated...

CVSS 6.9 | AI score 7.3 | EPSS 0.00305
Exploits: 1 | References: 1

Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: mod_security (UTSA-2025-993316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993316 advisory. ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override t...

CVSS 6.9 | AI score 5.5 | EPSS 0.00305
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-3969

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00377
Exploits: 1 | References: 2

OSV
added 2025/08/22 11:36 a.m., 1 view

OESA-2025-2062 mod_security security update

Security Fixes: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

CVSS 6.9 | AI score 6.5 | EPSS 0.00305
Exploits: 1 | References: 2

OSV
added 2025/08/15 12:39 p.m., 1 view

OESA-2025-2015 mod_security security update

Security Fixes: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

CVSS 6.9 | AI score 6.5 | EPSS 0.00305
Exploits: 1 | References: 2

OSV
added 2025/08/15 12:39 p.m., 1 view

OESA-2025-2012 mod_security security update

Security Fixes: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

CVSS 6.9 | AI score 6.5 | EPSS 0.00305
Exploits: 1 | References: 2

SUSE CVE
added 2025/08/06 11:22 p.m., 1 view

SUSE CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

CVSS 5.3 | AI score 6.3 | EPSS 0.00305
Exploits: 1 | References: 5

OSV
added 2025/08/06 12:15 a.m., 1 view

AZL-66087 CVE-2025-54571 affecting package mod_security 2.9.7-8

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

CVSS 6.9 | AI score 5.8 | EPSS 0.00305
Exploits: 1 | References: 1

OSV
added 2025/08/06 12:15 a.m., 1 view

DEBIAN-CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

CVSS 6.1 | AI score 7.1 | EPSS 0.00305
Exploits: 1 | References: 1

CNNVD
added 2025/08/06 12:0 a.m., 2 views

ModSecurity security vulnerability

ModSecurity is an open source, cross-platform web application firewall (WAF) engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity 2.9.11 and earlier versions, which stems from a Content-Type that can override the HTTP response, potentially leading to cross-site...

CVSS 6.9 | AI score 5.9 | EPSS 0.00305
Exploits: 1 | References: 5

Debian CVE
added 2025/08/05 11:39 p.m., 3 views

CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

CVSS 6.9 | AI score 7.1 | EPSS 0.00305
Exploits: 1

RedHat Linux
added 2024/07/24 2:5 p.m., 3 views

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

CVSS 9.8 | AI score 7.1 | EPSS 0.01022
Exploits: 0 | References: 5

Packet Storm
added 2020/02/21 12:0 a.m., 132 views

Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure

#!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure Copyright 2020 (c) Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...

AI score 7.4
Exploits: 0

Hacker One
added 2018/10/08 6:54 p.m., 21 views

Shopify: H1514 Deanonymizing Exchange Marketplace private listings

Summary: Exchange Marketplace allows Shop owners to sell their business in an easy way. When placing the shop in the listings, the owner has the option to place their store as a private listing - where only stats will be displayed, and no information about the actual Shop, domain name or shop owne...

AI score 2.6
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

Xerver 4.17 Single Dot File Request Source Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to disclose t...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Rit Research Labs TinyWeb 1.9.2 Unauthorized Script Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will all...

AI score 7.1
Exploits: 0

RedHat Linux
added 2011/05/19 11:20 a.m., 2 views

(CGIHTTPServer): CGI script source code disclosure

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI...

CVSS 5 | AI score 7.3 | EPSS 0.00252
Exploits: 1 | References: 4

Tenable Nessus
added 2011/05/06 12:0 a.m., 29 views

RHEL 4 : python (RHSA-2011:0491)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0491 advisory. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries whe...

CVSS 6.4 | AI score 7.7 | EPSS 0.09965
Exploits: 6 | References: 16

Exploit DB
added 2009/02/03 12:0 a.m., 30 views

NaviCOPA Web Server 3.0.1 - Remote Buffer Overflow / Script Source Disclosure

NaviCopa webserver 3.0.1 Multiple Vulnerabilities By: e.wiZz! Bosnian Idiot FTW! Mail: [email protected] Greetz goes to GYEZyou know who you are lol In the wild... Vendor site: http://www.navicopa.com/ Platforms: Windows OS only Info: Award Winning NaviCOPA is ideal for business users who require...

AI score 7
Exploits: 0

seebug.org
added 2008/05/07 12:0 a.m., 30 views

WebMod multiple remote security vulnerabilities

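BUGTRAQ ID: 29031 WebMod is an open-source MetaMod plugin that can be used as a web server for CS games. Multiple security vulnerabilities exist in the WebMod plugin that may allow remote attackers to perform directory traversal attacks, trigger buffer overflows, or read sensitive information. ---------------------- A Directory traversal ----------------------...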

AI score 6.9
Exploits: 0