CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

CVE-2024-40725

CVE-2024-40725 affects Apache HTTP Server core (httpd) and arises from a partial fix for CVE-2024-39884 in 2.4.61 that can leak local content when legacy content-type based configuration (AddType and similar) is used, potentially serving PHP scripts as source code under indirect requests. The iss...

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause source code...

FreeBSD : Apache httpd -- Source code disclosure with handlers configured via AddType (088b8b7d-446c-11ef-b611-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 088b8b7d-446c-11ef-b611-84a93843eb75 advisory. The Apache httpd project reports: source code disclosure with handlers configured via AddType...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache HTTP Server vulnerability (USN-6902-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6902-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibl...

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

Apache httpd -- Source code disclosure with handlers configured via AddType

The Apache httpd project reports: source code disclosure with handlers configured via AddType CVE-2024-40725 Important: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar...

Apache 2.4.60 < 2.4.62 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.62. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.62 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...

PT-2024-28825 · Unknown · Online Clinic Management System In Php With Free Source Code

Name of the Vulnerable Software and Affected Versions: Online Clinic Management System In PHP With Free Source code version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the user parameter at the "login.php" API endpoint...

CVE-2024-40393

Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php...

CVE-2024-39729

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968...

CVE-2024-39729

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968...

CVE-2024-39729

Summary (CVE-2024-39729): IBM Datacap Navigator 9.1.5–9.1.9 is affected by an information-disclosure vulnerability enabling an authenticated user to read sensitive data from the source code. Affected products/versions: Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9. Red Hat and other sources...

CVE-2024-39729 IBM Datacap Navigator information disclosure

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968...

IBM Datacap Navigator 安全漏洞

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. A security vulnerability exists in IBM Datacap Navigator, which can be exploited by attackers to obtain sensitive information from the source code...

PT-2024-5095 · Ibm · Ibm Datacap Navigator

Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9 Description: The issue is related to insufficient protection of service data in the source code, allowing an authenticated user to obtain sensitive information that could be used in further...

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp\/Crm

DolibabyPhp An authenticated RCE exploit for Dolibarr ERP/CRM...