5335 matches found
FreeBSD-SA-24:06.ktrace
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:06.ktrace Security Advisory The FreeBSD Project Topic: ktrace2 fails to detach when executing a setuid binary Category: core Module: ktrace Announced:...
FreeBSD-SA-24:07.nfsclient
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:07.nfsclient Security Advisory The FreeBSD Project Topic: NFS client accepts file names containing path separators Category: core Module: NFS client...
K000140579: Apache vulnerability CVE-2024-39884
Security Advisory Description A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of...
Blog Site 1.0 SQL Injection
============================================================================================================================================= | Title : Blog Site 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
Leads Manager Tool SQL Injection / Cross Site Scripting
x========================================================================================================================================x | Title : Leads Manager Tool SQL & XSSstored Vulnerabilities | Software : Leads Manager Tool Using PHP and MySQL with Source Code | Create By :...
PT-2024-07: Reading arbitrary files via API inĀ PTĀ ApplicationĀ Inspector (PTĀ AI)
The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to read source code files of other user's projects. The vulnerability can be exploited for privilege escalation...
Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)
Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-40725)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40725 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy...
Apache HTTP Server: source code disclosure with handlers configured via AddType
...
The vulnerability in the web-based client of IBM Datacap Navigator software for document collection and processing involves security flaws in the source code of IBM Datacap, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Datacap Navigator web client software for document collection and processing involves deficiencies in the security protection of operational data in the source code. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access t...
Apache HTTP Server Information Disclosure Vulnerability (CNVD-2024-33815)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause source code...
Updated apache packages fix security vulnerabilities
CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...
MGASA-2024-0272 Updated apache packages fix security vulnerabilities
CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-39884)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39884 advisory. - A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based...
Vulnerabilities fixed in Apache HTTP Server
Two vulnerabilities have been fixed in Apache HTTP server 2.4. The first vulnerability CVE-2024-40725 can lead to source code leakage when files are accessed indirectly. The second vulnerability CVE-2024-40898 involves a Server Side Request Forgery SSRF that can be abused by a malicious person to...
CVE-2024-39884
...
CVE-2024-40725
A flaw was found in httpd. The fix for CVE-2024-39884 ignores some uses of the legacy content-type based configuration of handlers. "AddType" and similar configurations, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
USN-6902-1: Apache HTTP Server vulnerability
It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code...
USN-6902-1 apache2 vulnerability
It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code...
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...