Nov 10, 2019, 07:07 AM
######################################################################################################################################
======================================================================================================================================
Hostname www.wckkkk.org ISP Total Server Solutions L.L.C.
Continent North America Flag
US
Country United States Country Code US
Region Georgia Local time 09 Nov 2019 23:39 EST
City Atlanta Postal Code 30303
IP Address 107.152.98.18 Latitude 33.755
Longitude -84.389
======================================================================================================================================
######################################################################################################################################
> www.wckkkk.org
Server: 185.93.180.131
Address: 185.93.180.131#53

Non-authoritative answer:
Name: www.wckkkk.org
Address: 107.152.98.18
>
######################################################################################################################################
Domain Name: WCKKKK.ORG
Registry Domain ID: D104298015-LROR
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.whois.godaddy.com
Updated Date: 2019-04-08T14:49:04Z
Creation Date: 2004-05-02T22:04:46Z
Registry Expiry Date: 2020-05-02T22:04:46Z
Registrar Registration Expiration Date:
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Name Server: NS5.FLOOGY.COM
Name Server: NS6.FLOOGY.COM
DNSSEC: unsigned
######################################################################################################################################
[+] Target : www.wckkkk.org

[+] IP Address : 107.152.98.18

[+] Headers :

[+] Date : Sun, 10 Nov 2019 04:43:33 GMT
[+] Server : Apache
[+] Last-Modified : Sat, 14 Feb 2015 05:32:04 GMT
[+] ETag : "7a1af7-15ca-50f05ac607f09"
[+] Accept-Ranges : bytes
[+] Content-Length : 5578
[+] X-Powered-By : PleskLin
[+] Keep-Alive : timeout=10, max=10000
[+] Connection : Keep-Alive
[+] Content-Type : text/html

[+] SSL Certificate Information :

[+] countryName : US
[+] stateOrProvinceName : Virginia
[+] localityName : Herndon
[+] organizationName : Parallels
[+] organizationalUnitName : Parallels Panel
[+] commonName : Parallels Panel
[+] emailAddress : info@parallels.com
[+] countryName : US
[+] stateOrProvinceName : Virginia
[+] localityName : Herndon
[+] organizationName : Parallels
[+] organizationalUnitName : Parallels Panel
[+] commonName : Parallels Panel
[+] emailAddress : info@parallels.com
[+] Version : 1
[+] Serial Number : 52DFACDA
[+] Not Before : Jan 22 11:34:50 2014 GMT
[+] Not After : Jan 22 11:34:50 2015 GMT

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : arin
[+] ASN : 46562
[+] ASN CIDR : 107.152.98.0/24
[+] ASN Country Code : US
[+] ASN Date : 2013-12-18
[+] ASN Description : TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US
[+] cidr : 107.152.96.0/20
[+] name : TOTAL-SERVER-SOLUTIONS
[+] handle : NET-107-152-96-0-1
[+] range : 107.152.96.0 - 107.152.111.255
[+] description : Total Server Solutions L.L.C.
[+] country : US
[+] state : GA
[+] city : Atlanta
[+] address : 34 Peachtree ST
Suite 400
[+] postal_code : 30303
[+] emails : ['abuse@totalserversolutions.com', 'noc@totalserversolutions.com']
[+] created : 2013-12-18
[+] updated : 2015-03-19

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 0 ]
[+] Extracting Javascript Links...[ 0 ]
[+] Extracting Internal Links.....[ 0 ]
[+] Extracting External Links.....[ 1 ]
[+] Extracting Images.............[ 6 ]

[+] Total Links Extracted : 7

[+] Dumping Links in /opt/FinalRecon/dumps/www.wckkkk.org.dump
[+] Completed!
######################################################################################################################################
[+] Starting At 2019-11-09 23:43:44.004953
[+] Collecting Information On: http://www.wckkkk.org/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[#] X-Powered-By: PleskLin
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Sun, 10 Nov 2019 04:43:44 GMT
- Server: Apache
- Last-Modified: Sat, 14 Feb 2015 05:32:04 GMT
- ETag: "7a1af7-15ca-50f05ac607f09"
- Accept-Ranges: bytes
- Content-Length: 5578
- X-Powered-By: PleskLin
- Keep-Alive: timeout=10, max=10000
- Connection: Keep-Alive
- Content-Type: text/html
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: United States
[#] countryCode: US
[#] region: CA
[#] regionName: California
[#] city: Los Angeles
[#] zip: 90014
[#] lat: 34.0484
[#] lon: -118.255
[#] timezone: America/Los_Angeles
[#] isp: Total Server Solutions L.L.C.
[#] org: Floogy
[#] as: AS46562 Total Server Solutions L.L.C.
[#] query: 107.152.98.18
--------------------------------------------------
[x] Didn't Detect WAF Presence on: http://www.wckkkk.org/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 21/tcp open ftp
[#] 53/tcp open domain
[#] 80/tcp open http
[#] 110/tcp open pop3
[#] 143/tcp open imap
[#] 443/tcp open https
[#] 465/tcp open smtps
[#] 587/tcp open submission
[#] 993/tcp open imaps
[#] 995/tcp open pop3s
[#] 3690/tcp open svn
[#] 8443/tcp open https-alt
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[-] robots.txt file not Found!?
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: http://www.wckkkk.org/
--------------------------------------------------
[#] Searching Html Form !
[-] No Html Form Found!?
--------------------------------------------------
[-] No DOM Paramter Found!?
--------------------------------------------------
[-] No internal Dynamic Parameter Found!?
--------------------------------------------------
[-] No external Dynamic Paramter Found!?
--------------------------------------------------
[!] 17 Internal links Discovered
[+] http://www.wckkkk.org/favicon.ico
[+] http://www.wckkkk.org//who.html
[+] http://www.wckkkk.org//eql.html
[+] http://www.wckkkk.org//identity.html
[+] http://www.wckkkk.org//nature.html
[+] http://www.wckkkk.org//event.html
[+] http://www.wckkkk.org//info.html
[+] http://www.wckkkk.org//picAlbum.html
[+] http://www.wckkkk.org//contactpage.html
[+] http://media.wckkkk.org
[+] http://media.wckkkk.org
[+] http://www.wckkkk.org//messenger.html
[+] http://www.wckkkk.org/forum
[+] http://biblestudy.wckkkk.org
[+] http://news.wckkkk.org
[+] http://txcommiewatch.wckkkk.org
[+] http://www.wckkkk.org//mailto:SiteAdmin@wckkkk.org
--------------------------------------------------
[-] No External Link Found!?
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 4 Subdomain
- media.wckkkk.org
- mail.wckkkk.org
- www.wckkkk.org
- biblestudy.wckkkk.org
--------------------------------------------------
[!] Done At 2019-11-09 23:44:07.478238
######################################################################################################################################
[i] Scanning Site: http://www.wckkkk.org

B A S I C I N F O
====================

[+] Site Title: KKK White Camelia Knight of the Ku Klux Klan - http://www.wckkkk.org
[+] IP address: 107.152.98.18
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!

W H O I S L O O K U P
========================

Domain Name: WCKKKK.ORG
Registry Domain ID: D104298015-LROR
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.whois.godaddy.com
Updated Date: 2019-04-08T14:49:04Z
Creation Date: 2004-05-02T22:04:46Z
Registry Expiry Date: 2020-05-02T22:04:46Z
Registrar Registration Expiration Date:
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Name Server: NS5.FLOOGY.COM
Name Server: NS6.FLOOGY.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
>>> Last update of WHOIS database: 2019-11-10T04:42:45Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

G E O I P L O O K U P
=========================

[i] IP Address: 107.152.98.18
[i] Country: United States
[i] State: Georgia
[i] City: Atlanta
[i] Latitude: 33.7553
[i] Longitude: -84.3886

H T T P H E A D E R S
=======================

[i] HTTP/1.1 200 OK
[i] Date: Sun, 10 Nov 2019 04:43:46 GMT
[i] Server: Apache
[i] Last-Modified: Sat, 14 Feb 2015 05:32:04 GMT
[i] ETag: "7a1af7-15ca-50f05ac607f09"
[i] Accept-Ranges: bytes
[i] Content-Length: 5578
[i] X-Powered-By: PleskLin
[i] Connection: close
[i] Content-Type: text/html

D N S L O O K U P
===================

wckkkk.org. 21599 IN MX 10 mail.wckkkk.org.
wckkkk.org. 21599 IN TXT "v=spf1 a mx ip4:70.87.184.202 +all"
wckkkk.org. 21599 IN SOA ns5.floogy.com. support.floogy.com. 1571254696 10800 3600 604800 10800
wckkkk.org. 21599 IN NS ns6.floogy.com.
wckkkk.org. 21599 IN NS ns5.floogy.com.
wckkkk.org. 21599 IN A 107.152.98.18

S U B N E T C A L C U L A T I O N
====================================

Address = 107.152.98.18
Network = 107.152.98.18 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 107.152.98.18 - 107.152.98.18 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-10 04:43 UTC
Nmap scan report for wckkkk.org (107.152.98.18)
Host is up (0.065s latency).
rDNS record for 107.152.98.18: tss.centralprocessingunit.com

PORT STATE SERVICE
21/tcp open ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds

S U B - D O M A I N F I N D E R
==================================

[i] Total Subdomains Found : 3

[+] Subdomain: mail.wckkkk.org
[-] IP: 107.152.98.22

[+] Subdomain: www.wckkkk.org
[-] IP: 107.152.98.18

[+] Subdomain: biblestudy.wckkkk.org
[-] IP: 107.152.98.18
######################################################################################################################################

[*] TARGET: http://www.wckkkk.org/
[*] TARGET IP: 107.152.98.18
[INFO] NO load balancer detected for www.wckkkk.org...
[*] DNS servers: ns5.floogy.com.
[*] TARGET server: Apache
[*] CC: US
[*] Country: United States
[*] RegionCode: CA
[*] RegionName: California
[*] City: Los Angeles
[*] ASN: AS46562
[*] BGP_PREFIX: 107.152.98.0/24
[*] ISP: TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US
[INFO] DNS enumeration:
[*] ftp.wckkkk.org 107.152.98.18
[*] mail.wckkkk.org 107.152.98.24
[*] news.wckkkk.org 107.152.98.18
[*] webmail.wckkkk.org 107.152.98.18
[INFO] Possible abuse mails are:
[*] abuse@my-tss.com
[*] abuse@wckkkk.org
[*] abuse@www.wckkkk.org
[*] fbl-spamcop@ext.godaddy.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Starting FUZZing in http://www.wckkkk.org/FUzZzZzZzZz...
[INFO] Status code Folders
[*] 200 http://www.wckkkk.org/images
[*] 200 http://www.wckkkk.org/news
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from http://www.wckkkk.org/ http://107.152.98.18/:
[*] http://media.wckkkk.org/
[*] http://www.parallels.com/intro
[*] http://www.parallels.com/products/automation/intro
[*] http://www.parallels.com/products/containers/intro
[*] http://www.parallels.com/products/desktop/intro
[*] http://www.parallels.com/products/desktop/pd4wl/intro
[*] http://www.parallels.com/products/panel/intro
[*] http://www.parallels.com/products/server/intro
[*] http://www.wckkkk.org/contactpage.html
[*] http://www.wckkkk.org/eql.html
[*] http://www.wckkkk.org/event.html
[*] http://www.wckkkk.org/identity.html
[*] http://www.wckkkk.org/info.html
[*] http://www.wckkkk.org/messenger.html
[*] http://www.wckkkk.org/nature.html
[*] http://www.wckkkk.org/picAlbum.html
[*] http://www.wckkkk.org/who.html
[INFO] GOOGLE has 2,150 results (0.23 seconds) about http://www.wckkkk.org/
[INFO] BING shows 107.152.98.18 is shared with 73 hosts/vhosts
[INFO] Shodan detected the following opened ports on 107.152.98.18:
[*] 1
[*] 110
[*] 143
[*] 21
[*] 214
[*] 25
[*] 4
[*] 443
[*] 465
[*] 53
[*] 587
[*] 80
[*] 8443
[*] 8880
[*] 993
[*] 995
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to www.wckkkk.org - 107.152.98.18:
[*] https://www.virustotal.com/pt/ip-address/107.152.98.18/information/
[*] https://www.hybrid-analysis.com/search?host=107.152.98.18
[*] https://www.shodan.io/host/107.152.98.18
[*] https://www.senderbase.org/lookup/?search_string=107.152.98.18
[*] https://www.alienvault.com/open-threat-exchange/ip/107.152.98.18
[*] http://pastebin.com/search?q=107.152.98.18
[*] http://urlquery.net/search.php?q=107.152.98.18
[*] http://www.alexa.com/siteinfo/www.wckkkk.org
[*] http://www.google.com/safebrowsing/diagnostic?site=www.wckkkk.org
[*] https://censys.io/ipv4/107.152.98.18
[*] https://www.abuseipdb.com/check/107.152.98.18
[*] https://urlscan.io/search/#107.152.98.18
[*] https://github.com/search?q=107.152.98.18&type=Code
[INFO] Useful links related to AS46562 - 107.152.98.0/24:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:46562
[*] https://www.senderbase.org/lookup/?search_string=107.152.98.0/24
[*] http://bgp.he.net/AS46562
[*] https://stat.ripe.net/AS46562
[INFO] Date: 09/11/19 | Time: 23:44:58
[INFO] Total time: 1 minute(s) and 12 second(s)
######################################################################################################################################
Trying "wckkkk.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6255
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;wckkkk.org. IN ANY

;; ANSWER SECTION:
wckkkk.org. 43200 IN A 107.152.98.18
wckkkk.org. 43200 IN SOA ns5.floogy.com. support.floogy.com. 1571254696 10800 3600 604800 10800
wckkkk.org. 43200 IN TXT "v=spf1 a mx ip4:70.87.184.202 +all"
wckkkk.org. 43200 IN MX 10 mail.wckkkk.org.
wckkkk.org. 43200 IN NS ns5.floogy.com.
wckkkk.org. 43200 IN NS ns6.floogy.com.

;; AUTHORITY SECTION:
wckkkk.org. 43200 IN NS ns5.floogy.com.
wckkkk.org. 43200 IN NS ns6.floogy.com.

Received 230 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 201 ms
######################################################################################################################################
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace wckkkk.org any
;; global options: +cmd
. 82196 IN NS j.root-servers.net.
. 82196 IN NS d.root-servers.net.
. 82196 IN NS c.root-servers.net.
. 82196 IN NS g.root-servers.net.
. 82196 IN NS a.root-servers.net.
. 82196 IN NS l.root-servers.net.
. 82196 IN NS k.root-servers.net.
. 82196 IN NS b.root-servers.net.
. 82196 IN NS h.root-servers.net.
. 82196 IN NS f.root-servers.net.
. 82196 IN NS e.root-servers.net.
. 82196 IN NS i.root-servers.net.
. 82196 IN NS m.root-servers.net.
;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 167 ms

org. 172800 IN NS a2.org.afilias-nst.info.
org. 172800 IN NS c0.org.afilias-nst.info.
org. 172800 IN NS b2.org.afilias-nst.org.
org. 172800 IN NS b0.org.afilias-nst.org.
org. 172800 IN NS d0.org.afilias-nst.org.
org. 172800 IN NS a0.org.afilias-nst.info.
;; Received 812 bytes from 2001:7fe::53#53(i.root-servers.net) in 44 ms

wckkkk.org. 86400 IN NS ns5.floogy.com.
wckkkk.org. 86400 IN NS ns6.floogy.com.
;; Received 570 bytes from 2001:500:48::1#53(b2.org.afilias-nst.org) in 41 ms

wckkkk.org. 86400 IN MX 10 mail.wckkkk.org.
wckkkk.org. 86400 IN TXT "v=spf1 a mx ip4:70.87.184.202 +all"
wckkkk.org. 86400 IN SOA ns5.floogy.com. support.floogy.com. 1571254696 10800 3600 604800 10800
wckkkk.org. 86400 IN NS ns6.floogy.com.
wckkkk.org. 86400 IN NS ns5.floogy.com.
wckkkk.org. 86400 IN A 107.152.98.18
;; Received 229 bytes from 107.152.98.58#53(ns5.floogy.com) in 318 ms
######################################################################################################################################
[*] Performing General Enumeration of Domain: wckkkk.org
[-] DNSSEC is not configured for wckkkk.org
[*] SOA ns5.floogy.com 107.152.98.58
[*] NS ns6.floogy.com 107.152.98.16
[*] Bind Version for 107.152.98.16 none
[*] NS ns5.floogy.com 107.152.98.58
[*] Bind Version for 107.152.98.58 none
[*] MX mail.wckkkk.org 107.152.98.24
[*] A wckkkk.org 107.152.98.18
[*] TXT wckkkk.org v=spf1 a mx ip4:70.87.184.202 +all
[*] Enumerating SRV Records
[-] No SRV Records Found for wckkkk.org
[+] 0 Records Found
######################################################################################################################################
[*] Processing domain wckkkk.org
[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
107.152.98.16 - ns6.floogy.com
107.152.98.58 - ns5.floogy.com
[-] Zone transfer failed

[+] TXT records found
"v=spf1 a mx ip4:70.87.184.202 +all"

[+] MX records found, added to target list
10 mail.wckkkk.org.

[*] Scanning wckkkk.org for A records
107.152.98.18 - wckkkk.org
107.152.98.18 - ftp.wckkkk.org
107.152.98.24 - mail.wckkkk.org
107.152.98.18 - media.wckkkk.org
107.152.98.18 - news.wckkkk.org
107.152.98.18 - webmail.wckkkk.org
107.152.98.18 - www.wckkkk.org
######################################################################################################################################
 AVAILABLE PLUGINS
 -----------------

 HeartbleedPlugin
 SessionRenegotiationPlugin
 FallbackScsvPlugin
 OpenSslCcsInjectionPlugin
 CompressionPlugin
 SessionResumptionPlugin
 HttpHeadersPlugin
 EarlyDataPlugin
 CertificateInfoPlugin
 RobotPlugin
 OpenSslCipherSuitesPlugin

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

 107.152.98.18:443 => 107.152.98.18

 SCAN RESULTS FOR 107.152.98.18:443 - 107.152.98.18
 --------------------------------------------------

 * OpenSSL Heartbleed:
 OK - Not vulnerable to Heartbleed

 * Deflate Compression:
 OK - Compression disabled

 * TLS 1.2 Session Resumption Support:
 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
 With TLS Tickets: OK - Supported

 * TLSV1_1 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 None - Server followed client cipher suite preference.
 Accepted:
 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK

 * TLSV1 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 None - Server followed client cipher suite preference.
 Accepted:
 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK

 * SSLV3 Cipher Suites:
 Server rejected all cipher suites.

 * Downgrade Attacks:
 TLS_FALLBACK_SCSV: OK - Supported

 * OpenSSL CCS Injection:
 OK - Not vulnerable to OpenSSL CCS injection

 * SSLV2 Cipher Suites:
 Server rejected all cipher suites.

 * Session Renegotiation:
 Client-initiated Renegotiation: OK - Rejected
 Secure Renegotiation: OK - Supported

 * TLSV1_3 Cipher Suites:
 Server rejected all cipher suites.

 * Certificate Information:
 Content
 SHA1 Fingerprint: ea0934722d898bc143466bd727f020ab2c41e8a0
 Common Name: Parallels Panel
 Issuer: Parallels Panel
 Serial Number: 1390390490
 Not Before: 2014-01-22 11:34:50
 Not After: 2015-01-22 11:34:50
 Signature Algorithm: sha1
 Public Key Algorithm: RSA
 Key Size: 2048
 Exponent: 65537 (0x10001)
 DNS Subject Alternative Names: []

 Trust
 Hostname Validation: FAILED - Certificate does NOT match 107.152.98.18
 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate
 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
 Received Chain: Parallels Panel
 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
 Received Chain Order: OK - Order is valid
 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)

 Extensions
 OCSP Must-Staple: NOT SUPPORTED - Extension not found
 Certificate Transparency: NOT SUPPORTED - Extension not found

 OCSP Stapling
 NOT SUPPORTED - Server did not send back an OCSP response

 * TLSV1_2 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 None - Server followed client cipher suite preference.
 Accepted:
 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK

 * ROBOT Attack:
 OK - Not vulnerable

 SCAN COMPLETED IN 37.23 S
 -------------------------
######################################################################################################################################
Domains still to check: 1
 Checking if the hostname wckkkk.org. given is in fact a domain...

Analyzing domain: wckkkk.org.
 Checking NameServers using system default resolver...
 IP: 107.152.98.16 (United States)
 HostName: ns6.floogy.com Type: NS
 HostName: centralprocessingunit.com Type: PTR
 IP: 107.152.98.58 (United States)
 HostName: ns5.floogy.com Type: NS
 HostName: centralprocessingunit.com Type: PTR

 Checking MailServers using system default resolver...
 IP: 107.152.98.24 (United States)
 HostName: mail.wckkkk.org Type: MX
 HostName: centralprocessingunit.com Type: PTR

 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
 No zone transfer found on nameserver 107.152.98.16
 No zone transfer found on nameserver 107.152.98.58

 Checking SPF record...
 New IP found: 70.87.184.202

 Checking 192 most common hostnames using system default resolver...
 IP: 107.152.98.18 (United States)
 HostName: www.wckkkk.org. Type: A
 IP: 107.152.98.18 (United States)
 HostName: www.wckkkk.org. Type: A
 HostName: ftp.wckkkk.org. Type: A
 HostName: tss.centralprocessingunit.com Type: PTR
 IP: 107.152.98.24 (United States)
 HostName: mail.wckkkk.org Type: MX
 HostName: centralprocessingunit.com Type: PTR
 HostName: mail.wckkkk.org. Type: A
 IP: 107.152.98.18 (United States)
 HostName: www.wckkkk.org. Type: A
 HostName: ftp.wckkkk.org. Type: A
 HostName: tss.centralprocessingunit.com Type: PTR
 HostName: webmail.wckkkk.org. Type: A

 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
 Checking netblock 107.152.98.0
 Checking netblock 70.87.184.0

 Searching for wckkkk.org. emails in Google

 Checking 5 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
 Host 107.152.98.18 is up (reset ttl 64)
 Host 107.152.98.24 is up (reset ttl 64)
 Host 70.87.184.202 is up (reset ttl 64)
 Host 107.152.98.16 is up (reset ttl 64)
 Host 107.152.98.58 is up (reset ttl 64)

 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
 Scanning ip 107.152.98.18 (webmail.wckkkk.org.):
 Scanning ip 107.152.98.24 (mail.wckkkk.org.):
 Scanning ip 70.87.184.202 ():
 Scanning ip 107.152.98.16 (centralprocessingunit.com (PTR)):
 Scanning ip 107.152.98.58 (centralprocessingunit.com (PTR)):
 WebCrawling domain's web servers... up to 50 max links.
--Finished--
Summary information for domain wckkkk.org.
-----------------------------------------

 Domain Ips Information:
 IP: 107.152.98.18
 HostName: www.wckkkk.org. Type: A
 HostName: ftp.wckkkk.org. Type: A
 HostName: tss.centralprocessingunit.com Type: PTR
 HostName: webmail.wckkkk.org. Type: A
 Country: United States
 Is Active: True (reset ttl 64)
 IP: 107.152.98.24
 HostName: mail.wckkkk.org Type: MX
 HostName: centralprocessingunit.com Type: PTR
 HostName: mail.wckkkk.org. Type: A
 Country: United States
 Is Active: True (reset ttl 64)
 IP: 70.87.184.202
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 107.152.98.16
 HostName: ns6.floogy.com Type: NS
 HostName: centralprocessingunit.com Type: PTR
 Country: United States
 Is Active: True (reset ttl 64)
 IP: 107.152.98.58
 HostName: ns5.floogy.com Type: NS
 HostName: centralprocessingunit.com Type: PTR
 Country: United States
 Is Active: True (reset ttl 64)

--------------End Summary --------------
-----------------------------------------
######################################################################################################################################
845----- wckkkk.org -----
846
847
848Host's addresses:
849__________________
850
851wckkkk.org. 84567 IN A 107.152.98.18
852
853
854Name Servers:
855______________
856
857ns6.floogy.com. 12185 IN A 107.152.98.16
858ns5.floogy.com. 12182 IN A 107.152.98.58
859
860
861Mail (MX) Servers:
862___________________
863
864mail.wckkkk.org. 84580 IN A 107.152.98.24
865
866
867Trying Zone Transfers and getting Bind Versions:
868_________________________________________________
869
870
871Trying Zone Transfer for wckkkk.org on ns6.floogy.com ...
872AXFR record query failed: REFUSED
873
874Trying Zone Transfer for wckkkk.org on ns5.floogy.com ...
875AXFR record query failed: REFUSED
876
877
878Scraping wckkkk.org subdomains from Google:
879____________________________________________
880
881
882 ---- Google search page: 1 ----
883
884 biblestudy
885 biblestudy
886 biblestudy
887 txcommiewatch
888 biblestudy
889 biblestudy
890 biblestudy
891 mail
892 mail
893
894 ---- Google search page: 2 ----
895
896 mail
897 mail
898 mail
899
900
901Google Results:
902________________
903
904mail.wckkkk.org. 84576 IN A 107.152.98.24
905biblestudy.wckkkk.org. 86400 IN A 107.152.98.18
906txcommiewatch.wckkkk.org. 86400 IN A 107.152.98.18
907
908
909Brute forcing with /usr/share/dnsenum/dns.txt:
910_______________________________________________
911
912ftp.wckkkk.org. 84537 IN A 107.152.98.18
913news.wckkkk.org. 84520 IN A 107.152.98.18
914webmail.wckkkk.org. 84498 IN A 107.152.98.18
915www.wckkkk.org. 84086 IN A 107.152.98.18
916
917
918Launching Whois Queries:
919_________________________
920
921 whois ip result: 107.152.98.0 -> 107.152.96.0/20
922
923######################################################################################################################################
924http://www.wckkkk.org/ [200 OK] Apache, Country[UNITED STATES][US], Email[SiteAdmin@wckkkk.org], HTTPServer[Apache], IP[107.152.98.18], Plesk[Lin], Script[JavaScript], Title[KKK White Camelia Knight of the Ku Klux Klan - http://www.wckkkk.org], X-Powered-By[PleskLin]
925######################################################################################################################################
926Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 00:10 EST
927Nmap scan report for wckkkk.org (107.152.98.18)
928Host is up (0.29s latency).
929rDNS record for 107.152.98.18: tss.centralprocessingunit.com
930Not shown: 982 filtered ports
931PORT STATE SERVICE
93220/tcp closed ftp-data
93321/tcp open ftp
93425/tcp closed smtp
93543/tcp closed whois
93653/tcp open domain
93780/tcp open http
938110/tcp open pop3
939139/tcp closed netbios-ssn
940143/tcp open imap
941443/tcp open https
942445/tcp closed microsoft-ds
943465/tcp open smtps
944587/tcp open submission
945993/tcp open imaps
946995/tcp open pop3s
9473690/tcp open svn
9488443/tcp open https-alt
9499080/tcp closed glrpc
950
951Nmap done: 1 IP address (1 host up) scanned in 17.13 seconds
952######################################################################################################################################
953Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-09 23:48 EST
954Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
992Host is up (0.30s latency).
993Not shown: 982 filtered ports, 6 closed ports
994Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
995PORT STATE SERVICE
99621/tcp open ftp
99753/tcp open domain
99880/tcp open http
999110/tcp open pop3
1000143/tcp open imap
1001443/tcp open https
1002465/tcp open smtps
1003587/tcp open submission
1004993/tcp open imaps
1005995/tcp open pop3s
10063690/tcp open svn
10078443/tcp open https-alt
1008
1009Nmap done: 1 IP address (1 host up) scanned in 15.46 seconds
1010######################################################################################################################################
1011Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-09 23:49 EST
1012Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
1013Host is up (0.15s latency).
1014Not shown: 2 filtered ports
1015PORT STATE SERVICE
101653/udp open domain
101767/udp open|filtered dhcps
101868/udp open|filtered dhcpc
101969/udp open|filtered tftp
102088/udp open|filtered kerberos-sec
1021123/udp open|filtered ntp
1022139/udp open|filtered netbios-ssn
1023161/udp open|filtered snmp
1024162/udp open|filtered snmptrap
1025389/udp open|filtered ldap
1026500/udp open|filtered isakmp
1027520/udp open|filtered route
10282049/udp open|filtered nfs
1029
1030Nmap done: 1 IP address (1 host up) scanned in 2.49 seconds
1031#######################################################################################################################################
1032Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-09 23:51 EST
1033Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
1034Host is up (0.30s latency).
1035Not shown: 982 filtered ports
1036PORT STATE SERVICE VERSION
103720/tcp closed ftp-data
103821/tcp open ftp ProFTPD 1.3.5b
1039| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1040| Not valid before: 2014-01-22T11:34:50
1041|_Not valid after: 2015-01-22T11:34:50
1042|_ssl-date: 2019-11-10T04:52:46+00:00; -1s from scanner time.
104325/tcp closed smtp
104443/tcp closed whois
104553/tcp open domain (unknown banner: none)
1046| dns-nsid:
1047|_ bind.version: none
1048| fingerprint-strings:
1049| DNSVersionBindReqTCP:
1050| version
1051| bind
1052|_ none
105380/tcp open http Apache httpd (PleskLin)
1054|_http-favicon: Parallels Control Panel
1055|_http-server-header: Apache
1056|_http-title: Default Parallels Plesk Panel Page
1057110/tcp open pop3 Courier pop3d
1058|_pop3-capabilities: TOP SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) USER APOP IMPLEMENTATION(Courier Mail Server) STLS UIDL PIPELINING LOGIN-DELAY(10)
1059|_ssl-date: 2019-11-10T04:52:47+00:00; 0s from scanner time.
1060139/tcp closed netbios-ssn
1061143/tcp open imap Courier Imapd (released 2015)
1062|_imap-capabilities: AUTH=PLAIN AUTH=CRAM-MD5 NAMESPACE THREAD=REFERENCES ACL2=UNION CHILDREN SORT AUTH=CRAM-SHA1 ACL THREAD=ORDEREDSUBJECT AUTH=CRAM-SHA256 CAPABILITY UIDPLUS STARTTLSA0001 OK completed IMAP4rev1 QUOTA IDLE
1063|_ssl-date: 2019-11-10T04:52:47+00:00; 0s from scanner time.
1064443/tcp open ssl/http Apache httpd (PleskLin)
1065|_http-server-header: Apache
1066|_http-title: Default Parallels Plesk Panel Page
1067| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1068| Not valid before: 2014-01-22T11:34:50
1069|_Not valid after: 2015-01-22T11:34:50
1070|_ssl-date: 2019-11-10T04:52:47+00:00; 0s from scanner time.
1071445/tcp closed microsoft-ds
1072465/tcp open ssl/smtps?
1073|_smtp-commands: Couldn't establish connection on port 465
1074|_ssl-date: 2019-11-10T04:52:46+00:00; 0s from scanner time.
1075587/tcp open smtp Postfix smtpd
1076|_smtp-commands: gamma.centralprocessingunit.com, PIPELINING, SIZE 20480000, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1077|_ssl-date: 2019-11-10T04:52:47+00:00; 0s from scanner time.
1078993/tcp open ssl/imaps?
1079|_ssl-date: 2019-11-10T04:52:46+00:00; -1s from scanner time.
1080995/tcp open ssl/pop3s?
1081|_ssl-date: 2019-11-10T04:52:46+00:00; 0s from scanner time.
10823690/tcp open svnserve Subversion
10838443/tcp open ssl/http nginx
1084|_http-server-header: sw-cp-server
1085|_http-title: Plesk 12.5.30
1086| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1087| Not valid before: 2014-01-22T11:34:50
1088|_Not valid after: 2015-01-22T11:34:50
1089|_ssl-date: 2019-11-10T04:52:46+00:00; -1s from scanner time.
1090| tls-nextprotoneg:
1091| spdy/3.1
1092|_ http/1.1
10939080/tcp closed glrpc
10941 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
1095SF-Port53-TCP:V=7.80%I=7%D=11/9%Time=5DC7976D%P=x86_64-pc-linux-gnu%r(DNSV
1096SF:ersionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x
1097SF:04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\
1098SF:0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
1099Aggressive OS guesses: Linux 2.6.32 (93%), Linux 2.6.32 or 3.10 (93%), WatchGuard Fireware 11.8 (93%), Synology DiskStation Manager 5.1 (92%), Linux 2.6.39 (92%), Linux 3.4 (92%), Linux 3.10 (91%), Linux 3.1 - 3.2 (90%), Linux 2.6.32 - 2.6.39 (90%), Linux 3.2 - 3.8 (88%)
1100No exact OS matches for host (test conditions non-ideal).
1101Service Info: Hosts: localhost.localdomain, gamma.centralprocessingunit.com; OS: Unix
1102######################################################################################################################################
1103Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-09 23:51 EST
1104Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
1105Host is up (0.30s latency).
1106Not shown: 982 filtered ports
1107PORT STATE SERVICE VERSION
110820/tcp closed ftp-data
110921/tcp open ftp ProFTPD 1.3.5b
1110| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1111| Not valid before: 2014-01-22T11:34:50
1112|_Not valid after: 2015-01-22T11:34:50
1113|_ssl-date: 2019-11-10T04:52:49+00:00; 0s from scanner time.
111425/tcp closed smtp
111543/tcp closed whois
111653/tcp open domain (unknown banner: none)
1117| dns-nsid:
1118|_ bind.version: none
1119| fingerprint-strings:
1120| DNSVersionBindReqTCP:
1121| version
1122| bind
1123|_ none
112480/tcp open http Apache httpd (PleskLin)
1125|_http-favicon: Parallels Control Panel
1126|_http-server-header: Apache
1127|_http-title: Default Parallels Plesk Panel Page
1128110/tcp open pop3 Courier pop3d
1129|_pop3-capabilities: TOP STLS IMPLEMENTATION(Courier Mail Server) USER APOP PIPELINING SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) UIDL LOGIN-DELAY(10)
1130|_ssl-date: 2019-11-10T04:52:49+00:00; 0s from scanner time.
1131139/tcp closed netbios-ssn
1132143/tcp open imap Courier Imapd (released 2015)
1133|_imap-capabilities: IMAP4rev1 AUTH=CRAM-SHA256 ACL CAPABILITY AUTH=PLAIN THREAD=REFERENCES UIDPLUS completed OK QUOTA IDLE AUTH=CRAM-SHA1 SORT STARTTLSA0001 AUTH=CRAM-MD5 THREAD=ORDEREDSUBJECT NAMESPACE ACL2=UNION CHILDREN
1134|_ssl-date: 2019-11-10T04:52:49+00:00; 0s from scanner time.
1135443/tcp open ssl/http Apache httpd (PleskLin)
1136|_http-favicon: Parallels Control Panel
1137|_http-server-header: Apache
1138|_http-title: Default Parallels Plesk Panel Page
1139| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1140| Not valid before: 2014-01-22T11:34:50
1141|_Not valid after: 2015-01-22T11:34:50
1142|_ssl-date: 2019-11-10T04:52:48+00:00; 0s from scanner time.
1143445/tcp closed microsoft-ds
1144465/tcp open ssl/smtps?
1145|_smtp-commands: Couldn't establish connection on port 465
1146|_ssl-date: 2019-11-10T04:52:48+00:00; 0s from scanner time.
1147587/tcp open smtp Postfix smtpd
1148|_smtp-commands: gamma.centralprocessingunit.com, PIPELINING, SIZE 20480000, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1149|_ssl-date: 2019-11-10T04:52:50+00:00; 0s from scanner time.
1150993/tcp open ssl/imaps?
1151|_ssl-date: 2019-11-10T04:52:49+00:00; 0s from scanner time.
1152995/tcp open ssl/pop3s?
1153|_ssl-date: 2019-11-10T04:52:49+00:00; 0s from scanner time.
11543690/tcp open svnserve Subversion
11558443/tcp open ssl/http nginx
1156|_http-server-header: sw-cp-server
1157|_http-title: Plesk 12.5.30
1158| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1159| Not valid before: 2014-01-22T11:34:50
1160|_Not valid after: 2015-01-22T11:34:50
1161|_ssl-date: 2019-11-10T04:52:49+00:00; 0s from scanner time.
1162| tls-nextprotoneg:
1163| spdy/3.1
1164|_ http/1.1
11659080/tcp closed glrpc
11661 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
1167SF-Port53-TCP:V=7.80%I=7%D=11/9%Time=5DC7976A%P=x86_64-pc-linux-gnu%r(DNSV
1168SF:ersionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x
1169SF:04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\
1170SF:0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
1171Aggressive OS guesses: Linux 2.6.32 (93%), Linux 3.4 (93%), Synology DiskStation Manager 5.1 (92%), Linux 3.10 (92%), Linux 2.6.32 or 3.10 (92%), Linux 2.6.39 (92%), WatchGuard Fireware 11.8 (92%), Linux 3.1 - 3.2 (92%), Linux 2.6.32 - 2.6.39 (90%), Linux 3.2 - 3.8 (88%)
1172No exact OS matches for host (test conditions non-ideal).
1173Network Distance: 20 hops
1174Service Info: Hosts: localhost.localdomain, gamma.centralprocessingunit.com; OS: Unix
1175
1176TRACEROUTE (using port 43/tcp)
1177HOP RTT ADDRESS
11781 131.87 ms 10.227.200.1
11792 ...
11803 132.06 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
11814 131.95 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
11825 137.48 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
11836 156.18 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
11847 157.31 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)
11858 240.38 ms be12266.ccr42.par01.atlas.cogentco.com (154.54.56.174)
11869 234.96 ms be3628.ccr42.jfk02.atlas.cogentco.com (154.54.27.169)
118710 245.02 ms be2807.ccr42.dca01.atlas.cogentco.com (154.54.40.110)
118811 247.53 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
118912 267.28 ms be2687.ccr41.iah01.atlas.cogentco.com (154.54.28.70)
119013 268.19 ms be2690.ccr42.iah01.atlas.cogentco.com (154.54.28.130)
119114 299.66 ms be2930.ccr32.phx01.atlas.cogentco.com (154.54.42.77)
119215 294.08 ms be2930.ccr32.phx01.atlas.cogentco.com (154.54.42.77)
119316 307.80 ms be2585.agr21.lax01.atlas.cogentco.com (154.54.29.186)
119417 305.41 ms be3571.rcr21.lax06.atlas.cogentco.com (154.24.23.250)
119518 301.89 ms 38.142.230.58
119619 302.51 ms 38.142.230.58
119720 301.05 ms tss.centralprocessingunit.com (107.152.98.18)
1198#######################################################################################################################################
1199Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 00:01 EST
1200Nmap scan report for wckkkk.org (107.152.98.18)
1201Host is up (0.27s latency).
1202rDNS record for 107.152.98.18: tss.centralprocessingunit.com
1203Not shown: 982 filtered ports
1204PORT STATE SERVICE VERSION
120520/tcp closed ftp-data
120621/tcp open ftp ProFTPD 1.3.5b
120725/tcp closed smtp
120843/tcp closed whois
120953/tcp open domain (unknown banner: none)
1210| fingerprint-strings:
1211| DNSVersionBindReqTCP:
1212| version
1213| bind
1214|_ none
121580/tcp open http Apache httpd (PleskLin)
1216|_http-server-header: Apache
1217|_http-title: KKK White Camelia Knight of the Ku Klux Klan - http://www.wckk...
1218110/tcp open pop3 Courier pop3d
1219139/tcp closed netbios-ssn
1220143/tcp open imap Courier Imapd (released 2015)
1221443/tcp open ssl/http Apache httpd
1222|_http-server-header: Apache
1223|_http-title: Default Parallels Plesk Panel Page
1224445/tcp closed microsoft-ds
1225465/tcp open ssl/smtps?
1226587/tcp open smtp Postfix smtpd
1227993/tcp open ssl/imaps?
1228995/tcp open ssl/pop3s?
12293690/tcp open svnserve Subversion
12308443/tcp open ssl/http nginx
1231|_http-server-header: sw-cp-server
1232|_http-title: Plesk 12.5.30
12339080/tcp closed glrpc
12341 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
1235SF-Port53-TCP:V=7.80%I=7%D=11/10%Time=5DC799B7%P=x86_64-pc-linux-gnu%r(DNS
1236SF:VersionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\
1237SF:x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c
1238SF:\0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
1239Service Info: Hosts: localhost.localdomain, default-107_152_98_18, gamma.centralprocessingunit.com; OS: Unix
1240#######################################################################################################################################
1241Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 00:03 EST
1242SENT (0.1992s) ICMP [10.227.201.102 > 107.152.98.18 Echo request (type=8/code=0) id=42482 seq=0] IP [ttl=37 id=46487 iplen=28 ]
1243SENT (0.1993s) igmp (2) 10.227.201.102 > 107.152.98.18: ttl=47 id=41942 iplen=28
1244SENT (0.1993s) ipv4 (4) 10.227.201.102 > 107.152.98.18: ttl=45 id=38375 iplen=20
1245RCVD (0.4982s) ICMP [107.152.98.18 > 10.227.201.102 Echo reply (type=0/code=0) id=42482 seq=0] IP [ttl=43 id=27503 iplen=28 ]
1280Nmap scan report for wckkkk.org (107.152.98.18)
1281Host is up (0.30s latency).
1282rDNS record for 107.152.98.18: tss.centralprocessingunit.com
1283Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
1284######################################################################################################################################
1285Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 00:59 EST
1286Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
1287Host is up (0.46s latency).
1288Not shown: 982 filtered ports
1289PORT STATE SERVICE
129020/tcp closed ftp-data
129121/tcp open ftp
129225/tcp closed smtp
129343/tcp closed whois
129453/tcp open domain
129580/tcp open http
1296110/tcp open pop3
1297139/tcp closed netbios-ssn
1298143/tcp open imap
1299443/tcp open https
1300445/tcp closed microsoft-ds
1301465/tcp open smtps
1302587/tcp open submission
1303993/tcp open imaps
1304995/tcp open pop3s
13053690/tcp open svn
13068443/tcp open https-alt
13079080/tcp closed glrpc
1308
1309Host script results:
1310| dns-brute:
1311| DNS Brute-force hostnames:
1312| alpha.centralprocessingunit.com - 107.152.98.18
1313| beta.centralprocessingunit.com - 107.152.98.18
1314| ns.centralprocessingunit.com - 107.152.98.18
1315| ftp.centralprocessingunit.com - 107.152.98.18
1316| ns1.centralprocessingunit.com - 107.152.98.18
1317| ns2.centralprocessingunit.com - 107.152.98.16
1318| mail.centralprocessingunit.com - 107.152.98.24
1319|_ www.centralprocessingunit.com - 107.152.98.18
1320
1321Nmap done: 1 IP address (1 host up) scanned in 36.30 seconds
1322######################################################################################################################################
1323Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 01:18 EST
1324Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
1325Host is up (0.48s latency).
1326Not shown: 982 filtered ports
1327PORT STATE SERVICE VERSION
132820/tcp closed ftp-data
132921/tcp open ftp ProFTPD 1.3.5b
1330| vulscan: VulDB - https://vuldb.com:
1331| [138380] ProFTPD 1.3.5b mod_copy Code Execution
1332| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
1333|
1334| MITRE CVE - https://cve.mitre.org:
1335| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
1336| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
1337| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
1338| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
1339| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
1340| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
1341| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
1342| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
1343| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
1344| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
1345| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
1346| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
1347| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
1348| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
1349| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
1350| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
1351| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
1352| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
1353|
1354| SecurityFocus - https://www.securityfocus.com/bid/:
1355| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
1356|
1357| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1358| [80980] ProFTPD FTP commands symlink
1359| [71226] ProFTPD pool code execution
1360| [65207] ProFTPD mod_sftp module denial of service
1361| [64495] ProFTPD sql_prepare_where() buffer overflow
1362| [63658] ProFTPD FTP server backdoor
1363| [63407] mod_sql module for ProFTPD buffer overflow
1364| [63155] ProFTPD pr_data_xfer denial of service
1365| [62909] ProFTPD mod_site_misc directory traversal
1366| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
1367| [53936] ProFTPD mod_tls SSL certificate security bypass
1368| [48951] ProFTPD mod_sql username percent SQL injection
1369| [48558] ProFTPD NLS support SQL injection protection bypass
1370| [45274] ProFTPD URL cross-site request forgery
1371| [33733] ProFTPD Auth API security bypass
1372| [31461] ProFTPD mod_radius buffer overflow
1373| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
1374| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
1375| [30147] ProFTPD sreplace() buffer overflow
1376| [21530] ProFTPD mod_sql format string attack
1377| [21528] ProFTPD shutdown message format string attack
1378| [19410] GProFTPD file name format string attack
1379| [18453] ProFTPD SITE CHGRP command allows group ownership modification
1380| [17724] ProFTPD could allow an attacker to obtain valid accounts
1381| [16038] ProFTPD CIDR entry ACL bypass
1382| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
1383| [12369] ProFTPD mod_sql SQL injection
1384| [12200] ProFTPD ASCII file newline buffer overflow
1385| [10932] ProFTPD long PASS command buffer overflow
1386| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
1387| [7818] ProFTPD ls "
1388| [7816] ProFTPD file globbing denial of service
1389| [7126] ProFTPD fails to resolve hostnames
1390| [6433] ProFTPD format string
1391| [6209] proFTPD /var symlink
1392| [6208] ProFTPD contains configuration error in postinst script when running as root
1393| [5801] proftpd memory leak when using SIZE or USER commands
1394| [5737] ProFTPD system using mod_sqlpw unauthorized access
1395|
1396| Exploit-DB - https://www.exploit-db.com:
1397| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
1398| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
1399| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
1400| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
1401| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
1402| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
1403| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
1404| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
1405| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
1406| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
1407| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
1408|
1409| OpenVAS (Nessus) - http://www.openvas.org:
1410| [103331] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
1411| [63497] Debian Security Advisory DSA 1730-1 (proftpd-dfsg)
1412|
1413| SecurityTracker - https://www.securitytracker.com:
1414| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
1415| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
1416| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
1417| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
1418| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
1419| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
1420| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
1421| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
1422| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
1423| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
1424| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
1425| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
1426| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
1427| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
1428|
1429| OSVDB - http://www.osvdb.org:
1430| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
1431| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
1432| [70868] ProFTPD mod_sftp Component SSH Payload DoS
1433| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
1434| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
1435| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
1436| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
1437| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
1438| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
1439| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
1440| [57310] ProFTPD Multiple Unspecified Overflows
1441| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
1442| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
1443| [57307] ProFTPD Multiple Modules Unspecified Overflows
1444| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
1445| [57305] ProFTPD src/main.c Unspecified Overflow
1446| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
1447| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
1448| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
1449| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
1450| [51849] ProFTPD Character Encoding SQL Injection
1451| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
1452| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
1453| [48411] ProFTPD FTP Command Truncation CSRF
1454| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
1455| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
1456| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
1457| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
1458| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
1459| [23063] ProFTPD mod_radius Password Overflow DoS
1460| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
1461| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
1462| [18270] ProFTPD ftpshut Shutdown Message Format String
1463| [14012] GProftpd gprostats Utility Log Parser Remote Format String
1464| [10769] ProFTPD File Transfer Newline Character Overflow
1465| [10768] ProFTPD STAT Command Remote DoS
1466| [10758] ProFTPD Login Timing Account Name Enumeration
1467| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
1468| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
1469| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
1470| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
1471| [7165] ProFTPD USER Command Memory Leak DoS
1472| [5744] ProFTPD CIDR IP Subnet ACL Bypass
1473| [5705] ProFTPD Malformed cwd Command Format String
1474| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
1475| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
1476| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
1477|_
25/tcp closed smtp
43/tcp closed whois
53/tcp open domain? (unknown banner: none)
1481| fingerprint-strings:
1482| DNSVersionBindReqTCP:
1483| version
1484| bind
1485|_ none
80/tcp open http Apache httpd (PleskLin)
1487| vulscan: VulDB - https://vuldb.com:
1488| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
1489| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
1490| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
1491| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
1492| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
1493| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
1494| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
1495| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
1496| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
1497| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
1498| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
1499| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
1500| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
1501| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
1502| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
1503| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
1504| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
1505| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
1506| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
1507| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
1508| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
1509| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
1510| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
1511| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
1512| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
1513| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
1514| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
1515| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
1516| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
1517| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
1518| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
1519| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
1520| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
1521| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
1522| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
1523| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
1524| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
1525| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
1526| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
1527| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
1528| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
1529| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
1530| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
1531| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
1532| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
1533| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1534| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1535| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
1536| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
1537| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
1538| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
1539| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
1540| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
1541| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
1542| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
1543| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
1544| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
1545| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
1546| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
1547| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
1548| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
1549| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
1550| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
1551| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
1552| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
1553| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1554| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
1555| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
1556| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
1557| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
1558| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
1559| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
1560| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
1561| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
1562| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
1563| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
1564| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
1565| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
1566| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
1567| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
1568| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
1569| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
1570| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
1571| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
1572| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
1573| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
1574| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
1575| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
1576| [136370] Apache Fineract up to 1.2.x sql injection
1577| [136369] Apache Fineract up to 1.2.x sql injection
1578| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
1579| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
1580| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
1581| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
1582| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
1583| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
1584| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
1585| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
1586| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
1587| [134416] Apache Sanselan 0.97-incubator Loop denial of service
1588| [134415] Apache Sanselan 0.97-incubator Hang denial of service
1589| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
1590| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
1591| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
1592| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
1593| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
1594| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
1595| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
1596| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
1597| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
1598| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
1599| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
1600| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
1601| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
1602| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
1603| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
1604| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
1605| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
1606| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
1607| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
1608| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
1609| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
1610| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
1611| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
1612| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
1613| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
1614| [131859] Apache Hadoop up to 2.9.1 privilege escalation
1615| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
1616| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
1617| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
1618| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
1619| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
1620| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
1621| [130629] Apache Guacamole Cookie Flag weak encryption
1622| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
1623| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
1624| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
1625| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
1626| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
1627| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
1628| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
1629| [130123] Apache Airflow up to 1.8.2 information disclosure
1630| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
1631| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
1632| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
1633| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
1634| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1635| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1636| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1637| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
1638| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
1639| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
1640| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
1641| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
1642| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
1643| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
1644| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
1645| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
1646| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
1647| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
1648| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1649| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
1650| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1651| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
1652| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
1653| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
1654| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
1655| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
1656| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
1657| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
1658| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
1659| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
1660| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
1661| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
1662| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
1663| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
1664| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
1665| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
1666| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
1667| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
1668| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
1669| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
1670| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
1671| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
1672| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
1673| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
1674| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
1675| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
1676| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
1677| [127007] Apache Spark Request Code Execution
1678| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
1679| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
1680| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
1681| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
1682| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
1683| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
1684| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
1685| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
1686| [126346] Apache Tomcat Path privilege escalation
1687| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
1688| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
1689| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
1690| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
1691| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
1692| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
1693| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
1694| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
1695| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
1696| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
1697| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
1698| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
1699| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
1700| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
1701| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
1702| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
1703| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
1704| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
1705| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
1706| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
1707| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
1708| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
1709| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
1710| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
1711| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
1712| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
1713| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
1714| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
1715| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
1716| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
1717| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
1718| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
1719| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
1720| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
1721| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
1722| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
1723| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
1724| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
1725| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
1726| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
1727| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
1728| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
1729| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
1730| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
1731| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
2132| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
2133| [94540] Apache Tika 1.9 tika-server File information disclosure
2134| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
2135| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
2136| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
2137| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
2138| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
2139| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
2140| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2141| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2142| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
2143| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
2144| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
2145| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
2146| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
2147| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
2148| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2149| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
2532| [64467] Apache Geronimo 3.0 memory corruption
2533| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
2534| [64457] Apache Struts up to 2.2.3.0 cross site scripting
2535| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
2536| [9184] Apache Qpid up to 0.20 SSL misconfiguration
2537| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
2538| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
2539| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
2540| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
2541| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
2542| [8873] Apache Struts 2.3.14 privilege escalation
2543| [8872] Apache Struts 2.3.14 privilege escalation
2544| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
2545| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
2546| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
2547| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
2548| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
2549| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2550| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2551| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
2552| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
2553| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
2554| [64006] Apache ActiveMQ up to 5.7.0 denial of service
2555| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
2556| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
2557| [8427] Apache Tomcat Session Transaction weak authentication
2558| [63960] Apache Maven 3.0.4 Default Configuration spoofing
2559| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
2560| [63750] Apache qpid up to 0.20 checkAvailable denial of service
2561| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
2562| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
2563| [63747] Apache Rave up to 0.20 User Account information disclosure
2564| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
2565| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
2566| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
2567| [7687] Apache CXF up to 2.7.2 Token weak authentication
2568| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2569| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2570| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
2571| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
2572| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
2573| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
2574| [63090] Apache Tomcat up to 4.1.24 denial of service
2575| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
2576| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
2577| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
2578| [62833] Apache CXF -/2.6.0 spoofing
2579| [62832] Apache Axis2 up to 1.6.2 spoofing
2580| [62831] Apache Axis up to 1.4 Java Message Service spoofing
2581| [62830] Apache Commons-httpclient 3.0 Payments spoofing
2582| [62826] Apache Libcloud up to 0.11.0 spoofing
2583| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
2584| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
2585| [62661] Apache Axis2 unknown vulnerability
2586| [62658] Apache Axis2 unknown vulnerability
2587| [62467] Apache Qpid up to 0.17 denial of service
2588| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
2589| [6301] Apache HTTP Server mod_pagespeed cross site scripting
2590| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
2591| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
2592| [62035] Apache Struts up to 2.3.4 denial of service
2593| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
2594| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
2595| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
2596| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
2597| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
2598| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
2599| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
2600| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
2601| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
2602| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
2603| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
2604| [61229] Apache Sling up to 2.1.1 denial of service
2605| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
2606| [61094] Apache Roller up to 5.0 cross site scripting
2607| [61093] Apache Roller up to 5.0 cross site request forgery
2608| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
2609| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
2610| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
2611| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
2612| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
2613| [60708] Apache Qpid 0.12 unknown vulnerability
2614| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
2615| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
2616| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
2617| [4882] Apache Wicket up to 1.5.4 directory traversal
2618| [4881] Apache Wicket up to 1.4.19 cross site scripting
2619| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
2620| [60352] Apache Struts up to 2.2.3 memory corruption
2621| [60153] Apache Portable Runtime up to 1.4.3 denial of service
2622| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
2623| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
2624| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
2625| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
2626| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
2627| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
2628| [4571] Apache Struts up to 2.3.1.2 privilege escalation
2629| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
2630| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
2631| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
2632| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
2633| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
2634| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
2635| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2636| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
2637| [59888] Apache Tomcat up to 6.0.6 denial of service
2638| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
2639| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
2640| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
2641| [59850] Apache Geronimo up to 2.2.1 denial of service
2642| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
2643| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
2644| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
2645| [58413] Apache Tomcat up to 6.0.10 spoofing
2646| [58381] Apache Wicket up to 1.4.17 cross site scripting
2647| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
2648| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
2649| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
2650| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
2651| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2652| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
2653| [57568] Apache Archiva up to 1.3.4 cross site scripting
2654| [57567] Apache Archiva up to 1.3.4 cross site request forgery
2655| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
2656| [4355] Apache HTTP Server APR apr_fnmatch denial of service
2657| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
2658| [57425] Apache Struts up to 2.2.1.1 cross site scripting
2659| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
2660| [57025] Apache Tomcat up to 7.0.11 information disclosure
2661| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
2662| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
2663| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2664| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
2665| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
2666| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
2667| [56512] Apache Continuum up to 1.4.0 cross site scripting
2668| [4285] Apache Tomcat 5.x JVM getLocale denial of service
2669| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
2670| [4283] Apache Tomcat 5.x ServletContect privilege escalation
2671| [56441] Apache Tomcat up to 7.0.6 denial of service
2672| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
2673| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
2674| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
2675| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
2676| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
2677| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
2678| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
2679| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
2680| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
2681| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
2682| [54693] Apache Traffic Server DNS Cache unknown vulnerability
2683| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
2684| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
2685| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
2686| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
2687| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
2688| [54012] Apache Tomcat up to 6.0.10 denial of service
2689| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
2690| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
2691| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
2692| [52894] Apache Tomcat up to 6.0.7 information disclosure
2693| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
2694| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
2695| [52786] Apache Open For Business Project up to 09.04 cross site scripting
2696| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
2697| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
2698| [52584] Apache CouchDB up to 0.10.1 information disclosure
2699| [51757] Apache HTTP Server 2.0.44 cross site scripting
2700| [51756] Apache HTTP Server 2.0.44 spoofing
2701| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
2702| [51690] Apache Tomcat up to 6.0 directory traversal
2703| [51689] Apache Tomcat up to 6.0 information disclosure
2704| [51688] Apache Tomcat up to 6.0 directory traversal
2705| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
2706| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
2707| [50626] Apache Solr 1.0.0 cross site scripting
2708| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
2709| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
2710| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
2711| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
2712| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
2713| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
2714| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
2715| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
2716| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
2717| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
2718| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
2719| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
2720| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
2721| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
2722| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
2723| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
2724| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
2725| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
2726| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
2727| [47214] Apachefriends xampp 1.6.8 spoofing
2728| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
2729| [47162] Apachefriends XAMPP 1.4.4 weak authentication
2730| [47065] Apache Tomcat 4.1.23 cross site scripting
2731| [46834] Apache Tomcat up to 5.5.20 cross site scripting
2732| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
2733| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
2734| [86625] Apache Struts directory traversal
2735| [44461] Apache Tomcat up to 5.5.0 information disclosure
2736| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
2737| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
2738| [43663] Apache Tomcat up to 6.0.16 directory traversal
2739| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
2740| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
2741| [43516] Apache Tomcat up to 4.1.20 directory traversal
2742| [43509] Apache Tomcat up to 6.0.13 cross site scripting
2743| [42637] Apache Tomcat up to 6.0.16 cross site scripting
2744| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
2745| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
2746| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
2747| [40924] Apache Tomcat up to 6.0.15 information disclosure
2748| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
2749| [40922] Apache Tomcat up to 6.0 information disclosure
2750| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
2751| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
2752| [40656] Apache Tomcat 5.5.20 information disclosure
2753| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
2754| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
2755| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
2756| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
2757| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
2758| [40234] Apache Tomcat up to 6.0.15 directory traversal
2759| [40221] Apache HTTP Server 2.2.6 information disclosure
2760| [40027] David Castro Apache Authcas 0.4 sql injection
2761| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
2762| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
2763| [3414] Apache Tomcat WebDAV Stored privilege escalation
2764| [39489] Apache Jakarta Slide up to 2.1 directory traversal
2765| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
2766| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
2767| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
2768| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
2769| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
2770| [38524] Apache Geronimo 2.0 unknown vulnerability
2771| [3256] Apache Tomcat up to 6.0.13 cross site scripting
2772| [38331] Apache Tomcat 4.1.24 information disclosure
2773| [38330] Apache Tomcat 4.1.24 information disclosure
2774| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
2775| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
2776| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
2777| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
2778| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
2779| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
2780| [37292] Apache Tomcat up to 5.5.1 cross site scripting
2781| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
2782| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
2783| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
2784| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
2785| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
2786| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
2787| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
2788| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
2789| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
2790| [36225] XAMPP Apache Distribution 1.6.0a sql injection
2791| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
2792| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
2793| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
2794| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
2795| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
2796| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
2797| [34252] Apache HTTP Server denial of service
2798| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
2799| [33877] Apache Opentaps 0.9.3 cross site scripting
2800| [33876] Apache Open For Business Project unknown vulnerability
2801| [33875] Apache Open For Business Project cross site scripting
2802| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
2803| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
2804|
2805| MITRE CVE - https://cve.mitre.org:
2806| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
2807| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
2808| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
2809| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
2810| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
2811| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
2812| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
2813| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
2814| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
2815| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
2816| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
2817| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
2818| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
2819| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
2820| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
2821| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
2822| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
2823| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
2824| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
2825| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
2826| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
2827| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
2828| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
2829| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
2830| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
2831| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
2832| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
2833| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
2834| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
2835| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
2836| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2837| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
2838| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
2839| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
2840| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
2841| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
2842| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
2843| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
2844| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
2845| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
2846| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
2847| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2848| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2849| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2850| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2851| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
2852| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
2853| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
2854| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
2855| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
2856| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
2857| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
2858| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
2859| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
2860| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
2861| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
2862| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
2863| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
2864| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
2865| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
2866| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
2867| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
2868| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
2869| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
2870| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2871| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
2872| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
2873| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
2874| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
2875| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
2876| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
2877| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
2878| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
2879| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
2880| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
2881| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
2882| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
2883| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
2884| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
2885| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
2886| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
2887| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
2888| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
2889| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
2890| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
2891| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
2892| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
2893| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
2894| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
2895| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
2896| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
2897| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
2898| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
2899| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
2900| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
2901| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
2902| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
2903| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
2904| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
2905| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
2906| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
2907| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
2908| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
2909| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
2910| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
2911| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
2912| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
2913| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
2914| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
2915| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
2916| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
2917| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
2918| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
2919| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
2920| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
2921| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
2922| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
2923| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
2924| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
2925| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
2926| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
2927| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
2928| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
2929| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
2930| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
2931| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
2932| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
2933| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
3034| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
3035| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
3036| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
3037| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
3038| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
3039| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3131| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3132| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3133| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3134| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3135| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3136| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3137| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3138| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3139| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3140| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3141| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3142| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3143| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3144| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3145| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3146| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3147| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3148| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3149| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3150| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3151| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3152| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3153| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3154| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3155| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3156| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3157| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3158| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3159| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3160| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3161| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3162| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3163| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3164| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3165| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3166| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3167| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3168| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3169| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3170| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3171| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3172| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3173| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3174| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3175| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3176| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3177| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3178| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3179| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3180| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3181| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3182| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
3183| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3184| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3185| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3186| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3187| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3188| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3189| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3190| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3191| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3192| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3193| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3194| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3195| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3196| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3197| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3198| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3199| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3200| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3201| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3202| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3203| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3204| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3205| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3206| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3207| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3208| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3209| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3210| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3211| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3212| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3213| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3214| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3340| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3341| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3342| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3343| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3344| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3345| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3346| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3347| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3348| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3349| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3350| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3351| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3352| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3353| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3354| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3355| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3356| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3357| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3358| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3359| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3360| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3361| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3362| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3363| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3364| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3365| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3366| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3367| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3368| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3369| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3370| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3371| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3372| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3373| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3374| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3375| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3376| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3377| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3378| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3379| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3380| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3381| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3382| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3383| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3384| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3385| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3386| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3387| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3388| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3389| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3390| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3391| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3392| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3393| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3394| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3395| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3396| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3397| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3398| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3399| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3400| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3401| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3402| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3403| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3404| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3405| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3406| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3407| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3408| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3409| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3410| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3411| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3412| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3413| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3414| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3415|
3416| SecurityFocus - https://www.securityfocus.com/bid/:
3417| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3418| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3419| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3420| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3421| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3422| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3423| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3424| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3425| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3426| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3427| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3428| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3429| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3430| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3431| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3432| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3433| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3434| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3435| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3436| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3437| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3438| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3439| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3440| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3441| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3442| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3443| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3444| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3445| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3446| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3447| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3448| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3449| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3450| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3451| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3452| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3453| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3454| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3455| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3456| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3457| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3458| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3459| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3460| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3461| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3462| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3463| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3464| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3465| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3466| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3467| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3468| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3469| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3470| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3471| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3472| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3473| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3474| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3475| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3476| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3477| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3478| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3479| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3480| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3481| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3482| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3483| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3484| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3485| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3486| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3487| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3488| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3489| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3490| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3491| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3492| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3493| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3494| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3495| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3496| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3497| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3498| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3499| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3500| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3501| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3502| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3503| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3504| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3505| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3506| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3507| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3508| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3509| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3510| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3511| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3512| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3513| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3514| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3515| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3516| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3517| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3518| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3519| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3520| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3521| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3522| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3523| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3524| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3525| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3526| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3527| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3528| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3529| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3530| [100447] Apache2Triad Multiple Security Vulnerabilities
3531| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3532| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3533| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3534| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3535| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3536| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3537| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3538| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3539| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3540| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3541| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3542| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3543| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3544| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3545| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3546| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3547| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3548| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3549| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3550| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3551| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3552| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3553| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3554| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3555| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3556| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3557| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3558| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3559| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3560| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3561| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3562| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3563| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3564| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3565| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3566| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3567| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3568| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3569| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3570| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3571| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3572| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3573| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3574| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3575| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3576| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3577| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3578| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3579| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3580| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3581| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3582| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3583| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3584| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3585| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3586| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3587| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3588| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3589| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3590| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3591| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3592| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3593| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3594| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3595| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3596| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3597| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3598| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3599| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3600| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3601| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3602| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3603| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3604| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3605| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3606| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3607| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3608| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3609| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3610| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3611| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3612| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3613| [95675] Apache Struts Remote Code Execution Vulnerability
3614| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3615| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3616| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3617| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3618| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3619| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3620| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3621| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3622| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3623| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3624| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3625| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3626| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3627| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3628| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3629| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3630| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3631| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3632| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3633| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3634| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3635| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3636| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3637| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3638| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3639| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3640| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3641| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3642| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3643| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3644| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3645| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3646| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3647| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3648| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3649| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3650| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3651| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3652| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3653| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3654| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3655| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3656| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
3657| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
3658| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
3659| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
3660| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
3661| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
3662| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
3663| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
3664| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
3665| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
3666| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
3667| [91736] Apache XML-RPC Multiple Security Vulnerabilities
3668| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
3669| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
3670| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
3671| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
3672| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
3673| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
3674| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
3675| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
3676| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
3677| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
3678| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
3679| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
3680| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
3681| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
3682| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
3683| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
3684| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
3685| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
3686| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
3687| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
3688| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
3689| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
3690| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
3691| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
3692| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
3693| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
3694| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
3695| [90482] Apache CVE-2004-1387 Local Security Vulnerability
3696| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
3697| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
3698| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
3699| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
3700| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
3701| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
3702| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
3703| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
3704| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
3705| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
3706| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
3707| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
3708| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
3709| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
3710| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
3711| [86399] Apache CVE-2007-1743 Local Security Vulnerability
3712| [86397] Apache CVE-2007-1742 Local Security Vulnerability
3713| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
3714| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
3715| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
3716| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
3717| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
3718| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
3719| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
3720| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
3721| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
3722| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
3723| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
3724| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
3725| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
3726| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
3727| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
3728| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
3729| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
3730| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
3731| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
3732| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
3733| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
3734| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
3735| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
3736| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
3737| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
3738| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
3739| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
3740| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
3741| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
3742| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
3743| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
3744| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
3745| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
3746| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
3747| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
3748| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
3749| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
3750| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
3751| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
3752| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
3753| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
3754| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
3755| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
3756| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
3757| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
3758| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
3759| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
3760| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
3761| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
3762| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
3763| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
3764| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
3765| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
3766| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
3767| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
3768| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
3769| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
3770| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
3771| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
3772| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
3773| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
3774| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
3775| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
3776| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
3777| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
3778| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
3779| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
3780| [76933] Apache James Server Unspecified Command Execution Vulnerability
3781| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
3782| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
3783| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
3784| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
3785| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
3786| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
3787| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
3788| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
3789| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
3790| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
3791| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
3792| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
3793| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
3794| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
3795| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
3796| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
3797| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
3798| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
3799| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
3800| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
3801| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
3802| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
3803| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
3804| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
3805| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
3806| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
3807| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
3808| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
3809| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
3810| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
3811| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
3812| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
3813| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
3814| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
3815| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
3816| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
3817| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
3818| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
3819| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
3820| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
3821| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
3822| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
3823| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
3824| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
3825| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
3826| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
3827| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
3828| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
3829| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
3830| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
3831| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
3832| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
3833| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
3834| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
3835| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
3836| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
3837| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
3838| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
3839| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
3840| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
3841| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
3842| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
3843| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
3844| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
3845| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
3846| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
3847| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
3848| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
3849| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
3850| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
3851| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
3852| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
3853| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
3854| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
3855| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
3856| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
3857| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
3858| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
3859| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
3860| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
3861| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
3862| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
3863| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
3864| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
3865| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
3866| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
3867| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
3868| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
3869| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
3870| [68229] Apache Harmony PRNG Entropy Weakness
3871| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
3872| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
3873| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
3874| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
3875| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
3876| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
3877| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
3878| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
3879| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
3880| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
3881| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
3882| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
3883| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
3884| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
3885| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
3886| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
3887| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
3888| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
3889| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
3890| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
3891| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
3892| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
3893| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
3894| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
3895| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
3896| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
3897| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
3898| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
3899| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
3900| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
3901| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
3902| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
3903| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
3904| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
3905| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
3906| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
3907| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
3908| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
3909| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
3910| [64780] Apache CloudStack Unauthorized Access Vulnerability
3911| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
3912| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
3913| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
3914| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
3915| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
3916| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
3917| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
3918| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
3919| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
3920| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
3921| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
3922| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
3923| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
3924| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
3925| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
3926| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
3927| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
3928| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
3929| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
3930| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
3931| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
3932| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
3933| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
3934| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
3935| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
3936| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
3937| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
3938| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
3939| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
3940| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
3941| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
3942| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
3943| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
3944| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
3945| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
3946| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
3947| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
3948| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
3949| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
3950| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
3951| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
3952| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
3953| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
3954| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
3955| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
3956| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
3957| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
3958| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
3959| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
3960| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
3961| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
3962| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
3963| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
3964| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
3965| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
3966| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
3967| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
3968| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
3969| [59670] Apache VCL Multiple Input Validation Vulnerabilities
3970| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
3971| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
3972| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
3973| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
3974| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
3975| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
3976| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
3977| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
3978| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
3979| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
3980| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
3981| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
3982| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
3983| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
3984| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
3985| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
3986| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
3987| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
3988| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
3989| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
3990| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
3991| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
3992| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
3993| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
3994| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
3995| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
3996| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
3997| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
3998| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
3999| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
4000| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
4001| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
4002| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
4003| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
4004| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
4005| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
4006| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
4007| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
4008| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
4009| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
4010| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
4011| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
4012| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
4013| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
4014| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
4015| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
4016| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
4017| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
4018| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
4019| [54798] Apache Libcloud Man In The Middle Vulnerability
4020| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
4021| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
4022| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
4023| [54189] Apache Roller Cross Site Request Forgery Vulnerability
4024| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
4025| [53880] Apache CXF Child Policies Security Bypass Vulnerability
4026| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
4027| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
4028| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
4029| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
4030| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
4031| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
4032| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
4033| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
4034| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
4035| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
4036| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
4037| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
4038| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
4039| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
4040| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
4041| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
4042| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
4043| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
4044| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
4045| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
4046| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4047| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
4048| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
4049| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
4050| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
4051| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
4052| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
4053| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
4054| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
4055| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
4056| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
4057| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
4058| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
4059| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
4060| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4061| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
4062| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
4063| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
4064| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
4065| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
4066| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
4067| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
4068| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
4069| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
4070| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
4071| [49290] Apache Wicket Cross Site Scripting Vulnerability
4072| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
4073| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
4074| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
4075| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
4076| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
4077| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
4078| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
4079| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4080| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
4081| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
4082| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
4083| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
4084| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
4085| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
4086| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
4087| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
4088| [46953] Apache MPM-ITK Module Security Weakness
4089| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
4090| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
4091| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
4092| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
4093| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
4094| [46166] Apache Tomcat JVM Denial of Service Vulnerability
4095| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
4096| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
4097| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
4098| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
4099| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
4100| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
4101| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
4102| [44616] Apache Shiro Directory Traversal Vulnerability
4103| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
4104| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
4105| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
4106| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
4107| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
4108| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
4109| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
4110| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
4111| [42492] Apache CXF XML DTD Processing Security Vulnerability
4112| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
4113| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
4114| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
4115| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
4116| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
4117| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
4118| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
4119| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
4120| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
4121| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
4122| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
4123| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
4124| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
4125| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4126| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
4127| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
4128| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
4129| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
4130| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
4131| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
4132| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
4133| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
4134| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
4135| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
4136| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
4137| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
4138| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
4139| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
4140| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
4141| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
4142| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
4143| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
4144| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
4145| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
4146| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
4147| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4148| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
4149| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
4150| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
4151| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
4152| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
4153| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
4154| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4155| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
4156| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
4157| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
4158| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
4159| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
4160| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
4161| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
4162| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
4163| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
4164| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
4165| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
4166| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
4167| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
4168| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
4169| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
4170| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
4171| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
4172| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4173| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
4174| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
4175| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
4176| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
4177| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
4178| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
4179| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
4180| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
4181| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
4182| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
4183| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
4184| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4185| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
4186| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
4187| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
4188| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
4189| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
4190| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4191| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
4192| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
4193| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
4194| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
4195| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
4196| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
4197| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
4198| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
4199| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
4200| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
4201| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
4202| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
4203| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4204| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
4205| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4206| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4207| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4208| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4209| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4210| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4211| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4212| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4213| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4214| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4215| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4216| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4217| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4218| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4219| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4220| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4221| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4222| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4223| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4224| [20527] Apache Mod_TCL Remote Format String Vulnerability
4225| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4226| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4227| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4228| [19106] Apache Tomcat Information Disclosure Vulnerability
4229| [18138] Apache James SMTP Denial Of Service Vulnerability
4230| [17342] Apache Struts Multiple Remote Vulnerabilities
4231| [17095] Apache Log4Net Denial Of Service Vulnerability
4232| [16916] Apache mod_python FileSession Code Execution Vulnerability
4233| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4234| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4235| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4236| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4237| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4238| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4239| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4240| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4241| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4242| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4243| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4244| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4245| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4246| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4247| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4248| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4249| [14106] Apache HTTP Request Smuggling Vulnerability
4250| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4251| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4252| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4253| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4254| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4255| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4256| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4257| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4258| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4259| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4260| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4261| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4262| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4263| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4264| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4265| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4266| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4267| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4268| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4269| [11094] Apache mod_ssl Denial Of Service Vulnerability
4270| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4271| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4272| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4273| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4274| [10478] ClueCentral Apache Suexec Patch Security Weakness
4275| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4276| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4277| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4278| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4279| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4280| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4281| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4282| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4283| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4284| [9733] Apache Cygwin Directory Traversal Vulnerability
4285| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4286| [9590] Apache-SSL Client Certificate Forging Vulnerability
4287| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4288| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4289| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4290| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4291| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4292| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4293| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4294| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4295| [8898] Red Hat Apache Directory Index Default Configuration Error
4296| [8883] Apache Cocoon Directory Traversal Vulnerability
4297| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4298| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4299| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4300| [8707] Apache htpasswd Password Entropy Weakness
4301| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4302| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4303| [8226] Apache HTTP Server Multiple Vulnerabilities
4304| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4305| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4306| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4307| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4308| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4309| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4310| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4311| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4312| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4313| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4314| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4315| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4316| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4317| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4318| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4319| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4320| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4321| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4322| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4323| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4324| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4325| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4326| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4327| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4328| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4329| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4330| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4331| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4332| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4333| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4334| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4335| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4336| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4337| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4338| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4339| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4340| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4341| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4342| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4343| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
4344| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4345| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
4346| [5485] Apache 2.0 Path Disclosure Vulnerability
4347| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4348| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
4349| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
4350| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
4351| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
4352| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
4353| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
4354| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
4355| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
4356| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
4357| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
4358| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
4359| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
4360| [4437] Apache Error Message Cross-Site Scripting Vulnerability
4361| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
4362| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4363| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
4364| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
4365| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
4366| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4367| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
4368| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4369| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4370| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
4371| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
4372| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
4373| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
4374| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
4375| [3596] Apache Split-Logfile File Append Vulnerability
4376| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
4377| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
4378| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
4379| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
4380| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
4381| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
4382| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
4383| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
4384| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
4385| [3169] Apache Server Address Disclosure Vulnerability
4386| [3009] Apache Possible Directory Index Disclosure Vulnerability
4387| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
4388| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
4389| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4390| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4391| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4392| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4393| [2216] Apache Web Server DoS Vulnerability
4394| [2182] Apache /tmp File Race Vulnerability
4395| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4396| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4397| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4398| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4399| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4400| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4401| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4402| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4403| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4404| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4405| [1457] Apache::ASP source.asp Example Script Vulnerability
4406| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4407| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4408|
4409| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4410| [86258] Apache CloudStack text fields cross-site scripting
4411| [85983] Apache Subversion mod_dav_svn module denial of service
4412| [85875] Apache OFBiz UEL code execution
4413| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
4414| [85871] Apache HTTP Server mod_session_dbd unspecified
4415| [85756] Apache Struts OGNL expression command execution
4416| [85755] Apache Struts DefaultActionMapper class open redirect
4417| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
4418| [85574] Apache HTTP Server mod_dav denial of service
4419| [85573] Apache Struts Showcase App OGNL code execution
4420| [85496] Apache CXF denial of service
4421| [85423] Apache Geronimo RMI classloader code execution
4422| [85326] Apache Santuario XML Security for C++ buffer overflow
4423| [85323] Apache Santuario XML Security for Java spoofing
4424| [85319] Apache Qpid Python client SSL spoofing
4425| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
4426| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
4427| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
4428| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
4429| [84952] Apache Tomcat CVE-2012-3544 denial of service
4430| [84763] Apache Struts CVE-2013-2135 security bypass
4431| [84762] Apache Struts CVE-2013-2134 security bypass
4432| [84719] Apache Subversion CVE-2013-2088 command execution
4433| [84718] Apache Subversion CVE-2013-2112 denial of service
4434| [84717] Apache Subversion CVE-2013-1968 denial of service
4435| [84577] Apache Tomcat security bypass
4436| [84576] Apache Tomcat symlink
4437| [84543] Apache Struts CVE-2013-2115 security bypass
4438| [84542] Apache Struts CVE-2013-1966 security bypass
4439| [84154] Apache Tomcat session hijacking
4440| [84144] Apache Tomcat denial of service
4441| [84143] Apache Tomcat information disclosure
4442| [84111] Apache HTTP Server command execution
4443| [84043] Apache Virtual Computing Lab cross-site scripting
4444| [84042] Apache Virtual Computing Lab cross-site scripting
4445| [83782] Apache CloudStack information disclosure
4446| [83781] Apache CloudStack security bypass
4447| [83720] Apache ActiveMQ cross-site scripting
4448| [83719] Apache ActiveMQ denial of service
4449| [83718] Apache ActiveMQ denial of service
4450| [83263] Apache Subversion denial of service
4451| [83262] Apache Subversion denial of service
4452| [83261] Apache Subversion denial of service
4453| [83259] Apache Subversion denial of service
4454| [83035] Apache mod_ruid2 security bypass
4455| [82852] Apache Qpid federation_tag security bypass
4456| [82851] Apache Qpid qpid::framing::Buffer denial of service
4457| [82758] Apache Rave User RPC API information disclosure
4458| [82663] Apache Subversion svn_fs_file_length() denial of service
4459| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
4460| [82641] Apache Qpid AMQP denial of service
4461| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
4462| [82618] Apache Commons FileUpload symlink
4463| [82360] Apache HTTP Server manager interface cross-site scripting
4464| [82359] Apache HTTP Server hostnames cross-site scripting
4465| [82338] Apache Tomcat log/logdir information disclosure
4466| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
4467| [82268] Apache OpenJPA deserialization command execution
4468| [81981] Apache CXF UsernameTokens security bypass
4469| [81980] Apache CXF WS-Security security bypass
4470| [81398] Apache OFBiz cross-site scripting
4471| [81240] Apache CouchDB directory traversal
4472| [81226] Apache CouchDB JSONP code execution
4473| [81225] Apache CouchDB Futon user interface cross-site scripting
4474| [81211] Apache Axis2/C SSL spoofing
4475| [81167] Apache CloudStack DeployVM information disclosure
4476| [81166] Apache CloudStack AddHost API information disclosure
4477| [81165] Apache CloudStack createSSHKeyPair API information disclosure
4478| [80518] Apache Tomcat cross-site request forgery security bypass
4479| [80517] Apache Tomcat FormAuthenticator security bypass
4480| [80516] Apache Tomcat NIO denial of service
4481| [80408] Apache Tomcat replay-countermeasure security bypass
4482| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
4483| [80317] Apache Tomcat slowloris denial of service
4484| [79984] Apache Commons HttpClient SSL spoofing
4485| [79983] Apache CXF SSL spoofing
4486| [79830] Apache Axis2/Java SSL spoofing
4487| [79829] Apache Axis SSL spoofing
4488| [79809] Apache Tomcat DIGEST security bypass
4489| [79806] Apache Tomcat parseHeaders() denial of service
4490| [79540] Apache OFBiz unspecified
4491| [79487] Apache Axis2 SAML security bypass
4492| [79212] Apache Cloudstack code execution
4493| [78734] Apache CXF SOAP Action security bypass
4494| [78730] Apache Qpid broker denial of service
4495| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
4496| [78563] Apache mod_pagespeed module unspecified cross-site scripting
4497| [78562] Apache mod_pagespeed module security bypass
4498| [78454] Apache Axis2 security bypass
4499| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
4500| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
4501| [78321] Apache Wicket unspecified cross-site scripting
4502| [78183] Apache Struts parameters denial of service
4503| [78182] Apache Struts cross-site request forgery
4504| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
4505| [77987] mod_rpaf module for Apache denial of service
4506| [77958] Apache Struts skill name code execution
4507| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
4508| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
4509| [77568] Apache Qpid broker security bypass
4510| [77421] Apache Libcloud spoofing
4511| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
4512| [77046] Oracle Solaris Apache HTTP Server information disclosure
4513| [76837] Apache Hadoop information disclosure
4514| [76802] Apache Sling CopyFrom denial of service
4515| [76692] Apache Hadoop symlink
4516| [76535] Apache Roller console cross-site request forgery
4517| [76534] Apache Roller weblog cross-site scripting
4518| [76152] Apache CXF elements security bypass
4519| [76151] Apache CXF child policies security bypass
4520| [75983] MapServer for Windows Apache file include
4521| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
4522| [75558] Apache POI denial of service
4523| [75545] PHP apache_request_headers() buffer overflow
4524| [75302] Apache Qpid SASL security bypass
4525| [75211] Debian GNU/Linux apache 2 cross-site scripting
4526| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
4527| [74871] Apache OFBiz FlexibleStringExpander code execution
4528| [74870] Apache OFBiz multiple cross-site scripting
4529| [74750] Apache Hadoop unspecified spoofing
4530| [74319] Apache Struts XSLTResult.java file upload
4531| [74313] Apache Traffic Server header buffer overflow
4532| [74276] Apache Wicket directory traversal
4533| [74273] Apache Wicket unspecified cross-site scripting
4534| [74181] Apache HTTP Server mod_fcgid module denial of service
4535| [73690] Apache Struts OGNL code execution
4536| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
4537| [73100] Apache MyFaces in directory traversal
4538| [73096] Apache APR hash denial of service
4539| [73052] Apache Struts name cross-site scripting
4540| [73030] Apache CXF UsernameToken security bypass
4541| [72888] Apache Struts lastName cross-site scripting
4542| [72758] Apache HTTP Server httpOnly information disclosure
4543| [72757] Apache HTTP Server MPM denial of service
4544| [72585] Apache Struts ParameterInterceptor security bypass
4545| [72438] Apache Tomcat Digest security bypass
4546| [72437] Apache Tomcat Digest security bypass
4547| [72436] Apache Tomcat DIGEST security bypass
4548| [72425] Apache Tomcat parameter denial of service
4549| [72422] Apache Tomcat request object information disclosure
4550| [72377] Apache HTTP Server scoreboard security bypass
4551| [72345] Apache HTTP Server HTTP request denial of service
4552| [72229] Apache Struts ExceptionDelegator command execution
4553| [72089] Apache Struts ParameterInterceptor directory traversal
4554| [72088] Apache Struts CookieInterceptor command execution
4555| [72047] Apache Geronimo hash denial of service
4556| [72016] Apache Tomcat hash denial of service
4557| [71711] Apache Struts OGNL expression code execution
4558| [71654] Apache Struts interfaces security bypass
4559| [71620] Apache ActiveMQ failover denial of service
4560| [71617] Apache HTTP Server mod_proxy module information disclosure
4561| [71508] Apache MyFaces EL security bypass
4562| [71445] Apache HTTP Server mod_proxy security bypass
4563| [71203] Apache Tomcat servlets privilege escalation
4564| [71181] Apache HTTP Server ap_pregsub() denial of service
4565| [71093] Apache HTTP Server ap_pregsub() buffer overflow
4566| [70336] Apache HTTP Server mod_proxy information disclosure
4567| [69804] Apache HTTP Server mod_proxy_ajp denial of service
4568| [69472] Apache Tomcat AJP security bypass
4569| [69396] Apache HTTP Server ByteRange filter denial of service
4570| [69394] Apache Wicket multi window support cross-site scripting
4571| [69176] Apache Tomcat XML information disclosure
4572| [69161] Apache Tomcat jsvc information disclosure
4573| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
4574| [68541] Apache Tomcat sendfile information disclosure
4575| [68420] Apache XML Security denial of service
4576| [68238] Apache Tomcat JMX information disclosure
4577| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
4578| [67804] Apache Subversion control rules information disclosure
4579| [67803] Apache Subversion control rules denial of service
4580| [67802] Apache Subversion baselined denial of service
4581| [67672] Apache Archiva multiple cross-site scripting
4582| [67671] Apache Archiva multiple cross-site request forgery
4583| [67564] Apache APR apr_fnmatch() denial of service
4584| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
4585| [67515] Apache Tomcat annotations security bypass
4586| [67480] Apache Struts s:submit information disclosure
4587| [67414] Apache APR apr_fnmatch() denial of service
4588| [67356] Apache Struts javatemplates cross-site scripting
4589| [67354] Apache Struts Xwork cross-site scripting
4590| [66676] Apache Tomcat HTTP BIO information disclosure
4591| [66675] Apache Tomcat web.xml security bypass
4592| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
4593| [66241] Apache HttpComponents information disclosure
4594| [66154] Apache Tomcat ServletSecurity security bypass
4595| [65971] Apache Tomcat ServletSecurity security bypass
4596| [65876] Apache Subversion mod_dav_svn denial of service
4597| [65343] Apache Continuum unspecified cross-site scripting
4598| [65162] Apache Tomcat NIO connector denial of service
4599| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
4600| [65160] Apache Tomcat HTML Manager interface cross-site scripting
4601| [65159] Apache Tomcat ServletContect security bypass
4602| [65050] Apache CouchDB web-based administration UI cross-site scripting
4603| [64773] Oracle HTTP Server Apache Plugin unauthorized access
4604| [64473] Apache Subversion blame -g denial of service
4605| [64472] Apache Subversion walk() denial of service
4606| [64407] Apache Axis2 CVE-2010-0219 code execution
4607| [63926] Apache Archiva password privilege escalation
4608| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
4609| [63493] Apache Archiva credentials cross-site request forgery
4610| [63477] Apache Tomcat HttpOnly session hijacking
4611| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
4612| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
4613| [62959] Apache Shiro filters security bypass
4614| [62790] Apache Perl cgi module denial of service
4615| [62576] Apache Qpid exchange denial of service
4616| [62575] Apache Qpid AMQP denial of service
4617| [62354] Apache Qpid SSL denial of service
4618| [62235] Apache APR-util apr_brigade_split_line() denial of service
4619| [62181] Apache XML-RPC SAX Parser information disclosure
4620| [61721] Apache Traffic Server cache poisoning
4621| [61202] Apache Derby BUILTIN authentication functionality information disclosure
4622| [61186] Apache CouchDB Futon cross-site request forgery
4623| [61169] Apache CXF DTD denial of service
4624| [61070] Apache Jackrabbit search.jsp SQL injection
4625| [61006] Apache SLMS Quoting cross-site request forgery
4626| [60962] Apache Tomcat time cross-site scripting
4627| [60883] Apache mod_proxy_http information disclosure
4628| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
4629| [60264] Apache Tomcat Transfer-Encoding denial of service
4630| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
4631| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
4632| [59413] Apache mod_proxy_http timeout information disclosure
4633| [59058] Apache MyFaces unencrypted view state cross-site scripting
4634| [58827] Apache Axis2 xsd file include
4635| [58790] Apache Axis2 modules cross-site scripting
4636| [58299] Apache ActiveMQ queueBrowse cross-site scripting
4637| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
4638| [58056] Apache ActiveMQ .jsp source code disclosure
4639| [58055] Apache Tomcat realm name information disclosure
4640| [58046] Apache HTTP Server mod_auth_shadow security bypass
4641| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
4642| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
4643| [57429] Apache CouchDB algorithms information disclosure
4644| [57398] Apache ActiveMQ Web console cross-site request forgery
4645| [57397] Apache ActiveMQ createDestination.action cross-site scripting
4646| [56653] Apache HTTP Server DNS spoofing
4647| [56652] Apache HTTP Server DNS cross-site scripting
4648| [56625] Apache HTTP Server request header information disclosure
4649| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
4650| [56623] Apache HTTP Server mod_proxy_ajp denial of service
4651| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
4652| [55857] Apache Tomcat WAR files directory traversal
4653| [55856] Apache Tomcat autoDeploy attribute security bypass
4654| [55855] Apache Tomcat WAR directory traversal
4655| [55210] Intuit component for Joomla! Apache information disclosure
4656| [54533] Apache Tomcat 404 error page cross-site scripting
4657| [54182] Apache Tomcat admin default password
4658| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
4659| [53666] Apache HTTP Server Solaris pollset support denial of service
4660| [53650] Apache HTTP Server HTTP basic-auth module security bypass
4661| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
4662| [53041] mod_proxy_ftp module for Apache denial of service
4663| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
4664| [51953] Apache Tomcat Path Disclosure
4665| [51952] Apache Tomcat Path Traversal
4666| [51951] Apache stronghold-status Information Disclosure
4667| [51950] Apache stronghold-info Information Disclosure
4668| [51949] Apache PHP Source Code Disclosure
4669| [51948] Apache Multiviews Attack
4670| [51946] Apache JServ Environment Status Information Disclosure
4671| [51945] Apache error_log Information Disclosure
4672| [51944] Apache Default Installation Page Pattern Found
4673| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
4674| [51942] Apache AXIS XML External Entity File Retrieval
4675| [51941] Apache AXIS Sample Servlet Information Leak
4676| [51940] Apache access_log Information Disclosure
4677| [51626] Apache mod_deflate denial of service
4678| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
4679| [51365] Apache Tomcat RequestDispatcher security bypass
4680| [51273] Apache HTTP Server Incomplete Request denial of service
4681| [51195] Apache Tomcat XML information disclosure
4682| [50994] Apache APR-util xml/apr_xml.c denial of service
4683| [50993] Apache APR-util apr_brigade_vprintf denial of service
4684| [50964] Apache APR-util apr_strmatch_precompile() denial of service
4685| [50930] Apache Tomcat j_security_check information disclosure
4686| [50928] Apache Tomcat AJP denial of service
4687| [50884] Apache HTTP Server XML ENTITY denial of service
4688| [50808] Apache HTTP Server AllowOverride privilege escalation
4689| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
4690| [50059] Apache mod_proxy_ajp information disclosure
4691| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
4692| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
4693| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
4694| [49921] Apache ActiveMQ Web interface cross-site scripting
4695| [49898] Apache Geronimo Services/Repository directory traversal
4696| [49725] Apache Tomcat mod_jk module information disclosure
4697| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
4698| [49712] Apache Struts unspecified cross-site scripting
4699| [49213] Apache Tomcat cal2.jsp cross-site scripting
4700| [48934] Apache Tomcat POST doRead method information disclosure
4701| [48211] Apache Tomcat header HTTP request smuggling
4702| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
4703| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
4704| [47709] Apache Roller "
4705| [47104] Novell Netware ApacheAdmin console security bypass
4706| [47086] Apache HTTP Server OS fingerprinting unspecified
4707| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
4708| [45791] Apache Tomcat RemoteFilterValve security bypass
4709| [44435] Oracle WebLogic Apache Connector buffer overflow
4710| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
4711| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
4712| [44156] Apache Tomcat RequestDispatcher directory traversal
4713| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
4714| [43885] Oracle WebLogic Server Apache Connector buffer overflow
4715| [42987] Apache HTTP Server mod_proxy module denial of service
4716| [42915] Apache Tomcat JSP files path disclosure
4717| [42914] Apache Tomcat MS-DOS path disclosure
4718| [42892] Apache Tomcat unspecified unauthorized access
4719| [42816] Apache Tomcat Host Manager cross-site scripting
4720| [42303] Apache 403 error cross-site scripting
4721| [41618] Apache-SSL ExpandCert() authentication bypass
4722| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
4723| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
4724| [40614] Apache mod_jk2 HTTP Host header buffer overflow
4725| [40562] Apache Geronimo init information disclosure
4726| [40478] Novell Web Manager webadmin-apache.conf security bypass
4727| [40411] Apache Tomcat exception handling information disclosure
4728| [40409] Apache Tomcat native (APR based) connector weak security
4729| [40403] Apache Tomcat quotes and %5C cookie information disclosure
4730| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
4731| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
4732| [39867] Apache HTTP Server mod_negotiation cross-site scripting
4733| [39804] Apache Tomcat SingleSignOn information disclosure
4734| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
4735| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
4736| [39608] Apache HTTP Server balancer manager cross-site request forgery
4737| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
4738| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
4739| [39472] Apache HTTP Server mod_status cross-site scripting
4740| [39201] Apache Tomcat JULI logging weak security
4741| [39158] Apache HTTP Server Windows SMB shares information disclosure
4742| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
4743| [38951] Apache::AuthCAS Perl module cookie SQL injection
4744| [38800] Apache HTTP Server 413 error page cross-site scripting
4745| [38211] Apache Geronimo SQLLoginModule authentication bypass
4746| [37243] Apache Tomcat WebDAV directory traversal
4747| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
4748| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
4749| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
4750| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
4751| [36782] Apache Geronimo MEJB unauthorized access
4752| [36586] Apache HTTP Server UTF-7 cross-site scripting
4753| [36468] Apache Geronimo LoginModule security bypass
4754| [36467] Apache Tomcat functions.jsp cross-site scripting
4755| [36402] Apache Tomcat calendar cross-site request forgery
4756| [36354] Apache HTTP Server mod_proxy module denial of service
4757| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
4758| [36336] Apache Derby lock table privilege escalation
4759| [36335] Apache Derby schema privilege escalation
4760| [36006] Apache Tomcat "
4761| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
4762| [35999] Apache Tomcat \"
4763| [35795] Apache Tomcat CookieExample cross-site scripting
4764| [35536] Apache Tomcat SendMailServlet example cross-site scripting
4765| [35384] Apache HTTP Server mod_cache module denial of service
4766| [35097] Apache HTTP Server mod_status module cross-site scripting
4767| [35095] Apache HTTP Server Prefork MPM module denial of service
4768| [34984] Apache HTTP Server recall_headers information disclosure
4769| [34966] Apache HTTP Server MPM content spoofing
4770| [34965] Apache HTTP Server MPM information disclosure
4771| [34963] Apache HTTP Server MPM multiple denial of service
4772| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
4773| [34869] Apache Tomcat JSP example Web application cross-site scripting
4774| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
4775| [34496] Apache Tomcat JK Connector security bypass
4776| [34377] Apache Tomcat hello.jsp cross-site scripting
4777| [34212] Apache Tomcat SSL configuration security bypass
4778| [34210] Apache Tomcat Accept-Language cross-site scripting
4779| [34209] Apache Tomcat calendar application cross-site scripting
4780| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
4781| [34167] Apache Axis WSDL file path disclosure
4782| [34068] Apache Tomcat AJP connector information disclosure
4783| [33584] Apache HTTP Server suEXEC privilege escalation
4784| [32988] Apache Tomcat proxy module directory traversal
4785| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
4786| [32708] Debian Apache tty privilege escalation
4787| [32441] ApacheStats extract() PHP call unspecified
4788| [32128] Apache Tomcat default account
4789| [31680] Apache Tomcat RequestParamExample cross-site scripting
4790| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
4791| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
4792| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
4793| [30456] Apache mod_auth_kerb off-by-one buffer overflow
4794| [29550] Apache mod_tcl set_var() format string
4795| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
4796| [28357] Apache HTTP Server mod_alias script source information disclosure
4797| [28063] Apache mod_rewrite off-by-one buffer overflow
4798| [27902] Apache Tomcat URL information disclosure
4799| [26786] Apache James SMTP server denial of service
4800| [25680] libapache2 /tmp/svn file upload
4801| [25614] Apache Struts lookupMap cross-site scripting
4802| [25613] Apache Struts ActionForm denial of service
4803| [25612] Apache Struts isCancelled() security bypass
4804| [24965] Apache mod_python FileSession command execution
4805| [24716] Apache James spooler memory leak denial of service
4806| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
4807| [24158] Apache Geronimo jsp-examples cross-site scripting
4808| [24030] Apache auth_ldap module multiple format strings
4809| [24008] Apache mod_ssl custom error message denial of service
4810| [24003] Apache mod_auth_pgsql module multiple syslog format strings
4811| [23612] Apache mod_imap referer field cross-site scripting
4812| [23173] Apache Struts error message cross-site scripting
4813| [22942] Apache Tomcat directory listing denial of service
4814| [22858] Apache Multi-Processing Module code allows denial of service
4815| [22602] RHSA-2005:582 updates for Apache httpd not installed
4816| [22520] Apache mod-auth-shadow "
4817| [22466] ApacheTop symlink
4818| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
4819| [22006] Apache HTTP Server byte-range filter denial of service
4820| [21567] Apache mod_ssl off-by-one buffer overflow
4821| [21195] Apache HTTP Server header HTTP request smuggling
4822| [20383] Apache HTTP Server htdigest buffer overflow
4823| [19681] Apache Tomcat AJP12 request denial of service
4824| [18993] Apache HTTP server check_forensic symlink attack
4825| [18790] Apache Tomcat Manager cross-site scripting
4826| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
4827| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
4828| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
4829| [17961] Apache Web server ServerTokens has not been set
4830| [17930] Apache HTTP Server HTTP GET request denial of service
4831| [17785] Apache mod_include module buffer overflow
4832| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
4833| [17473] Apache HTTP Server Satisfy directive allows access to resources
4834| [17413] Apache htpasswd buffer overflow
4835| [17384] Apache HTTP Server environment variable configuration file buffer overflow
4836| [17382] Apache HTTP Server IPv6 apr_util denial of service
4837| [17366] Apache HTTP Server mod_dav module LOCK denial of service
4838| [17273] Apache HTTP Server speculative mode denial of service
4839| [17200] Apache HTTP Server mod_ssl denial of service
4840| [16890] Apache HTTP Server server-info request has been detected
4841| [16889] Apache HTTP Server server-status request has been detected
4842| [16705] Apache mod_ssl format string attack
4843| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
4844| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
4845| [16230] Apache HTTP Server PHP denial of service
4846| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
4847| [15958] Apache HTTP Server authentication modules memory corruption
4848| [15547] Apache HTTP Server mod_disk_cache local information disclosure
4849| [15540] Apache HTTP Server socket starvation denial of service
4850| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
4851| [15422] Apache HTTP Server mod_access information disclosure
4852| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
4853| [15293] Apache for Cygwin "
4854| [15065] Apache-SSL has a default password
4855| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
4856| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
4857| [14751] Apache Mod_python output filter information disclosure
4858| [14125] Apache HTTP Server mod_userdir module information disclosure
4859| [14075] Apache HTTP Server mod_php file descriptor leak
4860| [13703] Apache HTTP Server account
4861| [13689] Apache HTTP Server configuration allows symlinks
4862| [13688] Apache HTTP Server configuration allows SSI
4863| [13687] Apache HTTP Server Server: header value
4864| [13685] Apache HTTP Server ServerTokens value
4865| [13684] Apache HTTP Server ServerSignature value
4866| [13672] Apache HTTP Server config allows directory autoindexing
4867| [13671] Apache HTTP Server default content
4868| [13670] Apache HTTP Server config file directive references outside content root
4869| [13668] Apache HTTP Server httpd not running in chroot environment
4870| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
4871| [13664] Apache HTTP Server config file contains ScriptAlias entry
4872| [13663] Apache HTTP Server CGI support modules loaded
4873| [13661] Apache HTTP Server config file contains AddHandler entry
4874| [13660] Apache HTTP Server 500 error page not CGI script
4875| [13659] Apache HTTP Server 413 error page not CGI script
4876| [13658] Apache HTTP Server 403 error page not CGI script
4877| [13657] Apache HTTP Server 401 error page not CGI script
4878| [13552] Apache HTTP Server mod_cgid module information disclosure
4879| [13550] Apache GET request directory traversal
4880| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
4881| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
4882| [13429] Apache Tomcat non-HTTP request denial of service
4883| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
4884| [13295] Apache weak password encryption
4885| [13254] Apache Tomcat .jsp cross-site scripting
4886| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
4887| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
4888| [12681] Apache HTTP Server mod_proxy could allow mail relaying
4889| [12662] Apache HTTP Server rotatelogs denial of service
4890| [12554] Apache Tomcat stores password in plain text
4891| [12553] Apache HTTP Server redirects and subrequests denial of service
4892| [12552] Apache HTTP Server FTP proxy server denial of service
4893| [12551] Apache HTTP Server prefork MPM denial of service
4894| [12550] Apache HTTP Server weaker than expected encryption
4895| [12549] Apache HTTP Server type-map file denial of service
4896| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
4897| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
4898| [12091] Apache HTTP Server apr_password_validate denial of service
4899| [12090] Apache HTTP Server apr_psprintf code execution
4900| [11804] Apache HTTP Server mod_access_referer denial of service
4901| [11750] Apache HTTP Server could leak sensitive file descriptors
4902| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
4903| [11703] Apache long slash path allows directory listing
4904| [11695] Apache HTTP Server LF (Line Feed) denial of service
4905| [11694] Apache HTTP Server filestat.c denial of service
4906| [11438] Apache HTTP Server MIME message boundaries information disclosure
4907| [11412] Apache HTTP Server error log terminal escape sequence injection
4908| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
4909| [11195] Apache Tomcat web.xml could be used to read files
4910| [11194] Apache Tomcat URL appended with a null character could list directories
4911| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
4912| [11126] Apache HTTP Server illegal character file disclosure
4913| [11125] Apache HTTP Server DOS device name HTTP POST code execution
4914| [11124] Apache HTTP Server DOS device name denial of service
4915| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
4916| [10938] Apache HTTP Server printenv test CGI cross-site scripting
4917| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
4918| [10575] Apache mod_php module could allow an attacker to take over the httpd process
4919| [10499] Apache HTTP Server WebDAV HTTP POST view source
4920| [10457] Apache HTTP Server mod_ssl "
4921| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
4922| [10414] Apache HTTP Server htdigest multiple buffer overflows
4923| [10413] Apache HTTP Server htdigest temporary file race condition
4924| [10412] Apache HTTP Server htpasswd temporary file race condition
4925| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
4926| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
4927| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
4928| [10280] Apache HTTP Server shared memory scorecard overwrite
4929| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
4930| [10241] Apache HTTP Server Host: header cross-site scripting
4931| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
4932| [10208] Apache HTTP Server mod_dav denial of service
4933| [10206] HP VVOS Apache mod_ssl denial of service
4934| [10200] Apache HTTP Server stderr denial of service
4935| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
4936| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
4937| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
4938| [10098] Slapper worm targets OpenSSL/Apache systems
4939| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
4940| [9875] Apache HTTP Server .var file request could disclose installation path
4941| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
4942| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
4943| [9623] Apache HTTP Server ap_log_rerror() path disclosure
4944| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
4945| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
4946| [9396] Apache Tomcat null character to threads denial of service
4947| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
4948| [9249] Apache HTTP Server chunked encoding heap buffer overflow
4949| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
4950| [8932] Apache Tomcat example class information disclosure
4951| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
4952| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
4953| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
4954| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
4955| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
4956| [8400] Apache HTTP Server mod_frontpage buffer overflows
4957| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
4958| [8308] Apache "
4959| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
4960| [8119] Apache and PHP OPTIONS request reveals "
4961| [8054] Apache is running on the system
4962| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
4963| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
4964| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
4965| [7836] Apache HTTP Server log directory denial of service
4966| [7815] Apache for Windows "
4967| [7810] Apache HTTP request could result in unexpected behavior
4968| [7599] Apache Tomcat reveals installation path
4969| [7494] Apache "
4970| [7419] Apache Web Server could allow remote attackers to overwrite .log files
4971| [7363] Apache Web Server hidden HTTP requests
4972| [7249] Apache mod_proxy denial of service
4973| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
4974| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
4975| [7059] Apache "
4976| [7057] Apache "
4977| [7056] Apache "
4978| [7055] Apache "
4979| [7054] Apache "
4980| [6997] Apache Jakarta Tomcat error message may reveal information
4981| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
4982| [6970] Apache crafted HTTP request could reveal the internal IP address
4983| [6921] Apache long slash path allows directory listing
4984| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
4985| [6527] Apache Web Server for Windows and OS2 denial of service
4986| [6316] Apache Jakarta Tomcat may reveal JSP source code
4987| [6305] Apache Jakarta Tomcat directory traversal
4988| [5926] Linux Apache symbolic link
4989| [5659] Apache Web server discloses files when used with php script
4990| [5310] Apache mod_rewrite allows attacker to view arbitrary files
4991| [5204] Apache WebDAV directory listings
4992| [5197] Apache Web server reveals CGI script source code
4993| [5160] Apache Jakarta Tomcat default installation
4994| [5099] Trustix Secure Linux installs Apache with world writable access
4995| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
4996| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
4997| [4931] Apache source.asp example file allows users to write to files
4998| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
4999| [4205] Apache Jakarta Tomcat delivers file contents
5000| [2084] Apache on Debian by default serves the /usr/doc directory
5001| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5002| [697] Apache HTTP server beck exploit
5003| [331] Apache cookies buffer overflow
5004|
5005| Exploit-DB - https://www.exploit-db.com:
5006| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5007| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5008| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5009| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5010| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
5011| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
5012| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
5013| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
5014| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
5015| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5016| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
5017| [29859] Apache Roller OGNL Injection
5018| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
5019| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
5020| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
5021| [29290] Apache / PHP 5.x Remote Code Execution Exploit
5022| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
5023| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
5024| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
5025| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
5026| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
5027| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
5028| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
5029| [27096] Apache Geronimo 1.0 Error Page XSS
5030| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
5031| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
5032| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
5033| [25986] Plesk Apache Zeroday Remote Exploit
5034| [25980] Apache Struts includeParams Remote Code Execution
5035| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
5036| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
5037| [24874] Apache Struts ParametersInterceptor Remote Code Execution
5038| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
5039| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
5040| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
5041| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5042| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5043| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5044| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5045| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5046| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5047| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5048| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5049| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5050| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5051| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
5052| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5053| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
5054| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5055| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5056| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5057| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5058| [21719] Apache 2.0 Path Disclosure Vulnerability
5059| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5060| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5061| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5062| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5063| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5064| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5065| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5066| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5067| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5068| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5069| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5070| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
5071| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
5072| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
5073| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
5074| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
5075| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
5076| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
5077| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
5078| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
5079| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
5080| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
5081| [20558] Apache 1.2 Web Server DoS Vulnerability
5082| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
5083| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
5084| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
5085| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
5086| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
5087| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
5088| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
5089| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
5090| [19231] PHP apache_request_headers Function Buffer Overflow
5091| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
5092| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
5093| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
5094| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
5095| [18442] Apache httpOnly Cookie Disclosure
5096| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5097| [18221] Apache HTTP Server Denial of Service
5098| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5099| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5100| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5101| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5102| [16782] Apache Win32 Chunked Encoding
5103| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5104| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5105| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5106| [15319] Apache 2.2 (Windows) Local Denial of Service
5107| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5108| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5109| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5110| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5111| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5112| [12330] Apache OFBiz - Multiple XSS
5113| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5114| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5115| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5116| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5117| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5118| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5119| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5120| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5121| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5122| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5123| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5124| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5125| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5126| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5127| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5128| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5129| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5130| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5131| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5132| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5133| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5134| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5135| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5136| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5137| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5138| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5139| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5140| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5141| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5142| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5143| [466] htpasswd Apache 1.3.31 - Local Exploit
5144| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5145| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5146| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5147| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5148| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5149| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5150| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5151| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5152| [9] Apache HTTP Server 2.x Memory Leak Exploit
5153|
5154| OpenVAS (Nessus) - http://www.openvas.org:
5155| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5156| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5157| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5158| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5159| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5160| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5161| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5162| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5163| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5164| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5165| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5166| [900571] Apache APR-Utils Version Detection
5167| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5168| [900496] Apache Tiles Multiple XSS Vulnerability
5169| [900493] Apache Tiles Version Detection
5170| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5171| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5172| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5173| [870175] RedHat Update for apache RHSA-2008:0004-01
5174| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5175| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5176| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5177| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5178| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5179| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5180| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
5181| [855821] Solaris Update for Apache 1.3 122912-19
5182| [855812] Solaris Update for Apache 1.3 122911-19
5183| [855737] Solaris Update for Apache 1.3 122911-17
5184| [855731] Solaris Update for Apache 1.3 122912-17
5185| [855695] Solaris Update for Apache 1.3 122911-16
5186| [855645] Solaris Update for Apache 1.3 122912-16
5187| [855587] Solaris Update for kernel update and Apache 108529-29
5188| [855566] Solaris Update for Apache 116973-07
5189| [855531] Solaris Update for Apache 116974-07
5190| [855524] Solaris Update for Apache 2 120544-14
5191| [855494] Solaris Update for Apache 1.3 122911-15
5192| [855478] Solaris Update for Apache Security 114145-11
5193| [855472] Solaris Update for Apache Security 113146-12
5194| [855179] Solaris Update for Apache 1.3 122912-15
5195| [855147] Solaris Update for kernel update and Apache 108528-29
5196| [855077] Solaris Update for Apache 2 120543-14
5197| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
5198| [850088] SuSE Update for apache2 SUSE-SA:2007:061
5199| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
5200| [841209] Ubuntu Update for apache2 USN-1627-1
5201| [840900] Ubuntu Update for apache2 USN-1368-1
5202| [840798] Ubuntu Update for apache2 USN-1259-1
5203| [840734] Ubuntu Update for apache2 USN-1199-1
5204| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
5205| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
5206| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
5207| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
5208| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
5209| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
5210| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
5211| [835253] HP-UX Update for Apache Web Server HPSBUX02645
5212| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
5213| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
5214| [835236] HP-UX Update for Apache with PHP HPSBUX02543
5215| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
5216| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5217| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5218| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5219| [835188] HP-UX Update for Apache HPSBUX02308
5220| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5221| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5222| [835172] HP-UX Update for Apache HPSBUX02365
5223| [835168] HP-UX Update for Apache HPSBUX02313
5224| [835148] HP-UX Update for Apache HPSBUX01064
5225| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5226| [835131] HP-UX Update for Apache HPSBUX00256
5227| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5228| [835104] HP-UX Update for Apache HPSBUX00224
5229| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5230| [835101] HP-UX Update for Apache HPSBUX01232
5231| [835080] HP-UX Update for Apache HPSBUX02273
5232| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5233| [835044] HP-UX Update for Apache HPSBUX01019
5234| [835040] HP-UX Update for Apache PHP HPSBUX00207
5235| [835025] HP-UX Update for Apache HPSBUX00197
5236| [835023] HP-UX Update for Apache HPSBUX01022
5237| [835022] HP-UX Update for Apache HPSBUX02292
5238| [835005] HP-UX Update for Apache HPSBUX02262
5239| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5240| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5241| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5242| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5243| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5244| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5245| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5246| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5247| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
5691|
5692| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
6042| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
6043| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
6044| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
6045| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
6046| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
6047| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
6048| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
6049| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
6050| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
6051| [63895] Apache HTTP Server mod_headers Unspecified Issue
6052| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
6053| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
6054| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
6055| [63140] Apache Thrift Service Malformed Data Remote DoS
6056| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
6057| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
6058| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
6059| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6427| [24365] Apache Struts Multiple Function Error Message XSS
6428| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6429| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6430| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6431| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6432| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6433| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6434| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6435| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6436| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6437| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6438| [22459] Apache Geronimo Error Page XSS
6439| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6440| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6441| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6442| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6443| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6444| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6445| [21021] Apache Struts Error Message XSS
6446| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6447| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6448| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6449| [20439] Apache Tomcat Directory Listing Saturation DoS
6450| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6451| [20285] Apache HTTP Server Log File Control Character Injection
6452| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6453| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6454| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6455| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6456| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6457| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6458| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6459| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6460| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6461| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6462| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6463| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6464| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6465| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6466| [18233] Apache HTTP Server htdigest user Variable Overfow
6467| [17738] Apache HTTP Server HTTP Request Smuggling
6468| [16586] Apache HTTP Server Win32 GET Overflow DoS
6469| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6470| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6471| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6472| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
6473| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
6474| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
6475| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
6476| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
6477| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
6478| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
6479| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
6480| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
6481| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
6482| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
6483| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
6484| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
6485| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
6486| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
6487| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
6488| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
6489| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
6490| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
6491| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
6492| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
6493| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
6494| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
6495| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
6496| [13304] Apache Tomcat realPath.jsp Path Disclosure
6497| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
6498| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
6499| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
6500| [12848] Apache HTTP Server htdigest realm Variable Overflow
6501| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
6502| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
6503| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
6504| [12557] Apache HTTP Server prefork MPM accept Error DoS
6505| [12233] Apache Tomcat MS-DOS Device Name Request DoS
6506| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
6507| [12231] Apache Tomcat web.xml Arbitrary File Access
6508| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
6509| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
6510| [12178] Apache Jakarta Lucene results.jsp XSS
6511| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
6512| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
6513| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
6514| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
6515| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
6516| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
6517| [10471] Apache Xerces-C++ XML Parser DoS
6518| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
6519| [10068] Apache HTTP Server htpasswd Local Overflow
6520| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
6521| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
6522| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
6523| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
6524| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
6525| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
6526| [9717] Apache HTTP Server mod_cookies Cookie Overflow
6527| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
6528| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
6529| [9714] Apache Authentication Module Threaded MPM DoS
6530| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
6531| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
6532| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
6533| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
6534| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
6535| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
6536| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
6537| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
6538| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
6539| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
6540| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
6541| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
6542| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
6543| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
6544| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
6545| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
6546| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
6547| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
6548| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
6549| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
6550| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
6551| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
6552| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
6553| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
6554| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
6555| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
6556| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
6557| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
6558| [9208] Apache Tomcat .jsp Encoded Newline XSS
6559| [9204] Apache Tomcat ROOT Application XSS
6560| [9203] Apache Tomcat examples Application XSS
6561| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
6562| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
6563| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
6564| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
6565| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
6566| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
6567| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
6568| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
6569| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
6570| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
6571| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
6572| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
6573| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
6574| [7611] Apache HTTP Server mod_alias Local Overflow
6575| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
6576| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
6577| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
6578| [6882] Apache mod_python Malformed Query String Variant DoS
6579| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
6580| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
6581| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
6582| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
6583| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
6584| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
6585| [5526] Apache Tomcat Long .JSP URI Path Disclosure
6586| [5278] Apache Tomcat web.xml Restriction Bypass
6587| [5051] Apache Tomcat Null Character DoS
6588| [4973] Apache Tomcat servlet Mapping XSS
6589| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
6590| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
6591| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
6592| [4568] mod_survey For Apache ENV Tags SQL Injection
6593| [4553] Apache HTTP Server ApacheBench Overflow DoS
6594| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
6595| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
6596| [4383] Apache HTTP Server Socket Race Condition DoS
6597| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
6598| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
6599| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
6600| [4231] Apache Cocoon Error Page Server Path Disclosure
6601| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
6602| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
6603| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
6604| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
6605| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
6606| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
6607| [3322] mod_php for Apache HTTP Server Process Hijack
6608| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
6609| [2885] Apache mod_python Malformed Query String DoS
6610| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
6611| [2733] Apache HTTP Server mod_rewrite Local Overflow
6612| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
6613| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
6614| [2149] Apache::Gallery Privilege Escalation
6615| [2107] Apache HTTP Server mod_ssl Host: Header XSS
6616| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
6617| [1833] Apache HTTP Server Multiple Slash GET Request DoS
6618| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
6619| [872] Apache Tomcat Multiple Default Accounts
6620| [862] Apache HTTP Server SSI Error Page XSS
6621| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
6622| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
6623| [845] Apache Tomcat MSDOS Device XSS
6624| [844] Apache Tomcat Java Servlet Error Page XSS
6625| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
6626| [838] Apache HTTP Server Chunked Encoding Remote Overflow
6627| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
6628| [775] Apache mod_python Module Importing Privilege Function Execution
6629| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
6630| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
6631| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
6632| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
6633| [637] Apache HTTP Server UserDir Directive Username Enumeration
6634| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
6635| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
6636| [562] Apache HTTP Server mod_info /server-info Information Disclosure
6637| [561] Apache Web Servers mod_status /server-status Information Disclosure
6638| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
6639| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
6640| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
6641| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
6642| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
6643| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
6644| [376] Apache Tomcat contextAdmin Arbitrary File Access
6645| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
6646| [222] Apache HTTP Server test-cgi Arbitrary File Access
6647| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
6648| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
6649|_
110/tcp open pop3 Courier pop3d
6651| vulscan: VulDB - https://vuldb.com:
6652| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
6653| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
6654| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
6655| [50725] e-Courier CMS cross site scripting
6656| [46287] Pre Courier and Cargo Business unknown vulnerability
6657| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
6658| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
6659|
6660| MITRE CVE - https://cve.mitre.org:
6661| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
6662| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
6663| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
6664| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
6665| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
6666| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
6667| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
6668| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
6669| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
6670| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
6671| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
6672| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
6673| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
6674| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
6675| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
6676| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
6677| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
6678| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
6679| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
6680| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
6681| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
6682| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
6683| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
6684| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
6685| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
6686| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
6687| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
6688|
6689| SecurityFocus - https://www.securityfocus.com/bid/:
6690| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
6691| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
6692| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
6693| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
6694| [39838] tpop3d Remote Denial of Service Vulnerability
6695| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
6696| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
6697| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
6698| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
6699| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
6700| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
6701| [15771] Courier Mail Server Unauthorized Access Vulnerability
6702| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
6703| [10976] Courier-IMAP Remote Format String Vulnerability
6704| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
6705| [8495] akpop3d User Name SQL Injection Vulnerability
6706| [8473] Vpop3d Remote Denial Of Service Vulnerability
6707| [6738] Courier-IMAP Username SQL Injection Vulnerability
6708| [6189] Courier SqWebMail File Disclosure Vulnerability
6709| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
6710| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
6711| [3990] ZPop3D Bad Login Logging Failure Vulnerability
6712| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
6713|
6714| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6715| [54180] e-Courier CMS multiple scripts cross-site scripting
6716| [54143] e-Courier CMS index.asp cross-site scripting
6717| [47494] Courier Authentication Library Postgres SQL injection
6718| [47436] PRE COURIER &
6719| [43628] Novell OpenSUSE courier-authlib SQL injection
6720| [42950] Courier authentication library username SQL injection
6721| [33805] Gentoo Courier-IMAP command execution
6722| [26998] Courier Mail Server libs/comverp.c usernames denial of service
6723| [26578] Cyrus IMAP pop3d buffer overflow
6724| [23532] Courier Mail Server authentication daemon allows deactivated account access
6725| [21565] Courier Mail Server rfc1035/spf.c denial of service
6726| [17034] Courier-IMAP auth_debug format string attack
6727| [15434] Courier Japanese codeset converter buffer overflow
6728| [13018] akpop3d authentication code SQL injection
6729| [11213] Courier-IMAP authpgsqllib username SQL injection
6730| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
6731| [9228] Courier MTA long year denial of service
6732| [7345] Slackware Linux imapd and ipop3d core dump
6733| [6269] imap, ipop2d and ipop3d buffer overflows
6734| [5923] Linuxconf vpop3d symbolic link
6735| [4918] IPOP3D, Buffer overflow attack
6736| [1560] IPOP3D, user login successful
6737| [1559] IPOP3D user login to remote host successful
6738| [1525] IPOP3D, user logout
6739| [1524] IPOP3D, user auto-logout
6740| [1523] IPOP3D, user login failure
6741| [1522] IPOP3D, brute force attack
6742| [1521] IPOP3D, user kiss of death logout
6743| [418] pop3d mktemp creates insecure temporary files
6744|
6745| Exploit-DB - https://www.exploit-db.com:
6746| [23053] Vpop3d Remote Denial of Service Vulnerability
6747| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
6748| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
6749| [11893] tPop3d 1.5.3 DoS
6750| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
6751| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
6752| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
6753| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
6754|
6755| OpenVAS (Nessus) - http://www.openvas.org:
6756| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
6757| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
6758| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
6759| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
6760| [61192] FreeBSD Ports: courier-authlib
6761| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
6762| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
6763| [57001] Debian Security Advisory DSA 1101-1 (courier)
6764| [55972] Debian Security Advisory DSA 917-1 (courier)
6765| [55421] Debian Security Advisory DSA 820-1 (courier)
6766| [55204] Debian Security Advisory DSA 793-1 (courier)
6767| [55165] Debian Security Advisory DSA 784-1 (courier)
6768| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
6769| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
6770| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
6771| [53589] Debian Security Advisory DSA 247-1 (courier)
6772| [53441] Debian Security Advisory DSA 197-1 (courier)
6773| [53222] Debian Security Advisory DSA 533-1 (courier)
6774| [52431] FreeBSD Ports: courier
6775| [52418] FreeBSD Ports: courier-imap
6776|
6777| SecurityTracker - https://www.securitytracker.com:
6778| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
6779| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
6780| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
6781| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
6782| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
6783| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
6784| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
6785|
6786| OSVDB - http://www.osvdb.org:
6787| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
6788| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
6789| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
6790| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
6791| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
6792| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
6793| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
6794| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
6795| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
6796| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
6797| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
6798| [47516] openSUSE courier-authlib Unspecified SQL Injection
6799| [46049] Courier Authentication Library Username SQL Injection
6800| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
6801| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
6802| [26232] Courier Mail Server Crafted Username Encoding DoS
6803| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
6804| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
6805| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
6806| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
6807| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
6808| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
6809| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
6810| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
6811| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
6812| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
6813| [5857] Linux pop3d Arbitrary Mail File Access
6814| [5052] Double Precision Courier MTA Invalid Year DoS
6815| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
6816| [2471] akpop3d username SQL Injection
6817|_
139/tcp closed netbios-ssn
143/tcp open imap Courier Imapd (released 2015)
6820| vulscan: VulDB - https://vuldb.com:
6821| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
6822| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
6823| [59792] Cyrus IMAPd 2.4.11 weak authentication
6824| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
6825| [50725] e-Courier CMS cross site scripting
6826| [46287] Pre Courier and Cargo Business unknown vulnerability
6827| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
6828| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
6829| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
6830| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
6831|
6832| MITRE CVE - https://cve.mitre.org:
6833| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
6834| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
6835| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
6836| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
6837| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
6838| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
6839| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
6840| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
6841| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
6842| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
6843| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
6844| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
6845| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
6846| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
6847| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
6848| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
6849| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
6850| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
6851| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
6852| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
6853| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
6854| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
6855| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
6856| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
6857| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
6858| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
6859| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
6860| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
6861| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
6862| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
6863| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
6864| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
6865| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
6866| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
6867| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
6868| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
6869| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
6870| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
6871| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
6872| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
6873| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
6874| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
6875| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
6876| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
6877| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
6878| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
6879| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
6880| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
6881| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
6882| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
6883|
6884| SecurityFocus - https://www.securityfocus.com/bid/:
6885| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
6886| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
6887| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
6888| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
6889| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
6890| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
6891| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
6892| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
6893| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
6894| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
6895| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
6896| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
6897| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
6898| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
6899| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
6900| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
6901| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
6902| [15771] Courier Mail Server Unauthorized Access Vulnerability
6903| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
6904| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
6905| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
6906| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
6907| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
6908| [10976] Courier-IMAP Remote Format String Vulnerability
6909| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
6910| [6738] Courier-IMAP Username SQL Injection Vulnerability
6911| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
6912| [6189] Courier SqWebMail File Disclosure Vulnerability
6913| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
6914| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
6915| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
6916| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
6917| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
6918| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
6919| [130] imapd Buffer Overflow Vulnerability
6920|
6921| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6922| [70325] Cyrus IMAPd NNTP security bypass
6923| [54180] e-Courier CMS multiple scripts cross-site scripting
6924| [54143] e-Courier CMS index.asp cross-site scripting
6925| [47526] UW-imapd rfc822_output_char() denial of service
6926| [47494] Courier Authentication Library Postgres SQL injection
6927| [47436] PRE COURIER &
6928| [43628] Novell OpenSUSE courier-authlib SQL injection
6929| [42950] Courier authentication library username SQL injection
6930| [33805] Gentoo Courier-IMAP command execution
6931| [26998] Courier Mail Server libs/comverp.c usernames denial of service
6932| [23532] Courier Mail Server authentication daemon allows deactivated account access
6933| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
6934| [21565] Courier Mail Server rfc1035/spf.c denial of service
6935| [19460] Cyrus IMAP imapd buffer overflow
6936| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
6937| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
6938| [17034] Courier-IMAP auth_debug format string attack
6939| [15434] Courier Japanese codeset converter buffer overflow
6940| [11213] Courier-IMAP authpgsqllib username SQL injection
6941| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
6942| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
6943| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
6944| [9228] Courier MTA long year denial of service
6945| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
6946| [7345] Slackware Linux imapd and ipop3d core dump
6947| [573] Imapd denial of service
6948|
6949| Exploit-DB - https://www.exploit-db.com:
6950| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
6951| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
6952| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
6953| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
6954| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
6955| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
6956| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
6957| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
6958| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
6959| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
6960| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
6961| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
6962| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
6963| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
6964| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
6965| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
6966| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
6967| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
6968| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
6969| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
6970| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
6971| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
6972| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
6973| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
6974| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
6975| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
6976| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
6977| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
6978| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
6979| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
6980| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
6981| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
6982| [340] Linux imapd Remote Overflow File Retrieve Exploit
6983|
6984| OpenVAS (Nessus) - http://www.openvas.org:
6985| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
6986| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
6987| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
6988| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
6989| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
6990| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
6991| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
6992| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
6993| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
6994| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
6995| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
6996| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
6997| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
6998| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
6999| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
7000| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
7001| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
7002| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
7003| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
7004| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
7005| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
7006| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
7007| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
7008| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
7009| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
7010| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
7011| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
7012| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
7013| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
7014| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
7015| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
7016| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
7017| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
7018| [66233] SLES10: Security update for Cyrus IMAPD
7019| [66226] SLES11: Security update for Cyrus IMAPD
7020| [66222] SLES9: Security update for Cyrus IMAPD
7021| [65938] SLES10: Security update for Cyrus IMAPD
7022| [65723] SLES11: Security update for Cyrus IMAPD
7023| [65523] SLES9: Security update for Cyrus IMAPD
7024| [65479] SLES9: Security update for cyrus-imapd
7025| [65094] SLES9: Security update for cyrus-imapd
7026| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
7027| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
7028| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
7029| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
7030| [64898] FreeBSD Ports: cyrus-imapd
7031| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
7032| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
7033| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
7034| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
7035| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
7036| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
7037| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
7038| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
7039| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
7040| [61192] FreeBSD Ports: courier-authlib
7041| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
7042| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
7043| [57001] Debian Security Advisory DSA 1101-1 (courier)
7044| [55972] Debian Security Advisory DSA 917-1 (courier)
7045| [55807] Slackware Advisory SSA:2005-310-06 imapd
7046| [55421] Debian Security Advisory DSA 820-1 (courier)
7047| [55204] Debian Security Advisory DSA 793-1 (courier)
7048| [55165] Debian Security Advisory DSA 784-1 (courier)
7049| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
7050| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
7051| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
7052| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
7053| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
7054| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
7055| [53589] Debian Security Advisory DSA 247-1 (courier)
7056| [53441] Debian Security Advisory DSA 197-1 (courier)
7057| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
7058| [53222] Debian Security Advisory DSA 533-1 (courier)
7059| [52431] FreeBSD Ports: courier
7060| [52418] FreeBSD Ports: courier-imap
7061| [52297] FreeBSD Ports: cyrus-imapd
7062| [52296] FreeBSD Ports: cyrus-imapd
7063| [52295] FreeBSD Ports: cyrus-imapd
7064| [52294] FreeBSD Ports: cyrus-imapd
7065| [52172] FreeBSD Ports: cyrus-imapd
7066|
7067| SecurityTracker - https://www.securitytracker.com:
7068| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
7069| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
7070| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
7071| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
7072| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
7073| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
7074| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
7075| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
7076|
7077| OSVDB - http://www.osvdb.org:
7078| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
7079| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
7080| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
7081| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
7082| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
7083| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
7084| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
7085| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
7086| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
7087| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
7088| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
7089| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
7090| [52906] UW-imapd c-client Initial Request Remote Format String
7091| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
7092| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
7093| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
7094| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
7095| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
7096| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
7097| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
7098| [47516] openSUSE courier-authlib Unspecified SQL Injection
7099| [46049] Courier Authentication Library Username SQL Injection
7100| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
7101| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
7102| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
7103| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
7104| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
7105| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
7106| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
7107| [26232] Courier Mail Server Crafted Username Encoding DoS
7108| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
7109| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
7110| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
7111| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
7112| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
7113| [13242] UW-imapd CRAM-MD5 Authentication Bypass
7114| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
7115| [12042] UoW imapd Multiple Unspecified Overflows
7116| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
7117| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
7118| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
7119| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
7120| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
7121| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
7122| [5052] Double Precision Courier MTA Invalid Year DoS
7123| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
7124| [911] UoW imapd AUTHENTICATE Command Remote Overflow
7125| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
7126| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
7127|_
443/tcp open ssl/https?
445/tcp closed microsoft-ds
465/tcp open ssl/smtps?
587/tcp open smtp Postfix smtpd
7132| vulscan: VulDB - https://vuldb.com:
7133| [108975] Apple macOS up to 10.13.1 Postfix unknown vulnerability
7134| [98314] PostfixAdmin up to 3.0.1 AliasHandler delete.php gen_show_status denial of service
7135| [71720] Postfix up to 2.3.0 backup.php pacrypt sql injection
7136| [12746] Postfix Admin 2.3.6 functions.inc.php sql injection
7137| [57422] Postfix memory corruption
7138| [56843] Postfix up to 2.7.2 Cleartext weak encryption
7139|
7140| MITRE CVE - https://cve.mitre.org:
7141| [CVE-2013-2852] Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
7142| [CVE-2011-1720] The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
7143| [CVE-2011-0411] The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
7144| [CVE-2010-0230] SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
7145| [CVE-2009-2939] The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
7146| [CVE-2008-4977] ** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
7147| [CVE-2008-3889] Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
7148| [CVE-2008-3646] The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
7149| [CVE-2008-2937] Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
7150| [CVE-2008-2936] Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
7151| [CVE-2007-3791] Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
7152| [CVE-2006-0213] Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
7153| [CVE-2005-1127] Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
7154| [CVE-2005-0337] Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
7155| [CVE-2004-1113] SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.
7156| [CVE-2004-1088] Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
7157| [CVE-2004-0925] Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
7158| [CVE-2003-0540] The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
7159| [CVE-2003-0468] Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
7160| [CVE-2001-0894] Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
7161|
7162| SecurityFocus - https://www.securityfocus.com/bid/:
7163| [96142] PostfixAdmin CVE-2017-5930 Session Management Security Bypass Vulnerability
7164| [90814] Postfix Admin Multiple Cross Site Request Forgery Vulnerabilities
7165| [67250] Postfix Arbitrary Content Security Bypass Vulnerability
7166| [66455] Postfix Admin 'functions.inc.php' SQL Injection Vulnerability
7167| [65184] Fail2ban Postfix Filter Remote Denial of Service Vulnerability
7168| [51680] Postfix Admin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
7169| [47778] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
7170| [36469] Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
7171| [31721] Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
7172| [30977] Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
7173| [30691] Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
7174| [13133] Salim Gasmi GLD Postfix Greylisting Daemon Format String Vulnerability
7175| [13129] Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow Vulnerability
7176| [12445] Postfix IPv6 Unauthorized Mail Relay Vulnerability
7177| [11898] SQLgrey Postfix Greylisting Service Unspecified SQL Injection Vulnerability
7178| [11633] SQLgrey Postfix Greylisting Service SQL Injection Vulnerability
7179| [11323] Apple Mac OS X Postfix Release SMTPD AUTH Username Denial Of Service Vulnerability
7180| [8362] Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability
7181| [8361] Postfix Connection Proxying Vulnerability
7182| [8333] Multiple Postfix Denial of Service Vulnerabilities
7183| [3638] SuSEConfig.postfix chroot Local DoS Attack Vulnerability
7184| [3637] SuSEConfig.postfix chroot File Ownership Vulnerability
7185| [3544] Postfix SMTP Log Denial Of Service Vulnerability
7186| [1428] cyrus With postfix and Procmail Remote Shell Expansion Vulnerabilities
7187|
7188| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7189| [72752] Postfix Admin multiple parameters SQL injection
7190| [72751] PostfixAdmin multiple parameters cross-site scripting
7191| [67359] Postfix Cyrus SASL library in the SMTP server code execution
7192| [55970] SUSE Linux Enterprise postfix security bypass
7193| [53425] Postfix in Debian and Ubuntu pid symlink
7194| [45876] Apple Mac OS X Postfix configuration file weak security
7195| [44865] Postfix file descriptor denial of service
7196| [44461] Postfix email information disclosure
7197| [44460] Postfix symlink code execution
7198| [22655] RHSA-2005:152 updates for postfix not installed
7199| [19218] Postfix IPv6 mail relay
7200| [18435] SQLgrey Postfix greylisting service SQL injection
7201| [18353] Postfix CRAM-MD5 authentication replay attack
7202| [17998] SQLgrey Postfix greylisting service SQL injection
7203| [17595] Apple Mac OS postfix SMTPD AUTH denial of service
7204| [12816] Postfix MAIL FROM or RCPT TO denial of service
7205| [12815] Postfix could be used as a distributed denial of service tool
7206| [7568] Postfix SMTP log denial of service
7207| [4905] Cyrus with postfix and procmail integration could allow remote command execution
7208|
7209| Exploit-DB - https://www.exploit-db.com:
7210| [25392] Salim Gasmi GLD 1.x Postfix Greylisting Daemon Buffer Overflow Vulnerability
7211| [22982] Postfix 1.1.x Denial of Service Vulnerabilities (2)
7212| [22981] Postfix 1.1.x Denial of Service Vulnerabilities (1)
7213| [16841] GLD (Greylisting Daemon) Postfix Buffer Overflow
7214| [10023] Salim Gasmi GLD 1.0 - 1.4 Postfix Greylisting Buffer Overflow
7215| [6472] Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
7216| [6337] Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
7217| [934] gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit
7218|
7219| OpenVAS (Nessus) - http://www.openvas.org:
7220| [902517] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
7221| [881389] CentOS Update for postfix CESA-2011:0422 centos5 x86_64
7222| [881293] CentOS Update for postfix CESA-2011:0843 centos4 x86_64
7223| [881278] CentOS Update for postfix CESA-2011:0422 centos4 x86_64
7224| [881267] CentOS Update for postfix CESA-2011:0843 centos5 x86_64
7225| [880520] CentOS Update for postfix CESA-2011:0422 centos5 i386
7226| [880509] CentOS Update for postfix CESA-2011:0843 centos5 i386
7227| [880488] CentOS Update for postfix CESA-2011:0843 centos4 i386
7228| [880485] CentOS Update for postfix CESA-2011:0422 centos4 i386
7229| [880268] CentOS Update for postfix CESA-2008:0839 centos3 i386
7230| [880023] CentOS Update for postfix CESA-2008:0839 centos3 x86_64
7231| [870658] RedHat Update for postfix RHSA-2011:0423-01
7232| [870440] RedHat Update for postfix RHSA-2011:0843-01
7233| [870418] RedHat Update for postfix RHSA-2011:0422-01
7234| [870021] RedHat Update for postfix RHSA-2008:0839-01
7235| [863100] Fedora Update for postfix FEDORA-2011-6777
7236| [863097] Fedora Update for postfix FEDORA-2011-6771
7237| [862950] Fedora Update for postfix FEDORA-2011-3394
7238| [862938] Fedora Update for postfix FEDORA-2011-3355
7239| [860510] Fedora Update for postfix FEDORA-2008-8593
7240| [860419] Fedora Update for postfix FEDORA-2008-8595
7241| [850126] SuSE Update for postfix SUSE-SA:2010:011
7242| [850031] SuSE Update for postfix SUSE-SA:2008:040
7243| [840658] Ubuntu Update for postfix USN-1131-1
7244| [840648] Ubuntu Update for postfix USN-1113-1
7245| [840227] Ubuntu Update for postfix vulnerabilities USN-642-1
7246| [840190] Ubuntu Update for postfix vulnerability USN-636-1
7247| [831400] Mandriva Update for postfix MDVSA-2011:090 (postfix)
7248| [830713] Mandriva Update for postfix MDVSA-2008:171 (postfix)
7249| [830635] Mandriva Update for postfix MDVSA-2008:190 (postfix)
7250| [830075] Mandriva Update for postfix MDKA-2007:079 (postfix)
7251| [72452] Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
7252| [71559] Gentoo Security Advisory GLSA 201206-33 (Postfix)
7253| [70744] FreeBSD Ports: postfixadmin
7254| [69770] FreeBSD Ports: postfix, postfix-base
7255| [69733] Debian Security Advisory DSA 2233-1 (postfix)
7256| [69363] FreeBSD Ports: postfix, postfix-base
7257| [66394] Mandriva Security Advisory MDVSA-2009:224-1 (postfix)
7258| [65957] SLES10: Security update for Postfix
7259| [65911] SLES10: Security update for Postfix
7260| [65353] SLES9: Security update for Postfix
7261| [65350] SLES9: Security update for postfix
7262| [64696] Mandrake Security Advisory MDVSA-2009:224 (postfix)
7263| [61646] Gentoo Security Advisory GLSA 200809-09 (postfix)
7264| [61445] Gentoo Security Advisory GLSA 200808-12 (postfix)
7265| [61435] Debian Security Advisory DSA 1629-2 (postfix)
7266| [61434] Debian Security Advisory DSA 1629-1 (postfix)
7267| [60836] FreeBSD Ports: postfix-policyd-weight
7268| [58580] Debian Security Advisory DSA 1361-1 (postfix-policyd)
7269| [53833] Debian Security Advisory DSA 093-1 (postfix)
7270| [53652] Debian Security Advisory DSA 363-1 (postfix)
7271|
7272| SecurityTracker - https://www.securitytracker.com:
7273| [1025521] Postfix SASL Authentication Heap Overflow Lets Remote Users Deny Service
7274| [1025179] Postfix Plaintext to TLS Switching Error Lets Remote Users Inject Plaintext Commands
7275| [1020800] Postfix Linux epoll File Descriptor Leak Lets Local Users Deny Service
7276| [1020700] Postfix Symlink Dereference Bug Lets Local Users Gain Elevated Privileges
7277| [1012395] Postfix CRAM-MD5 Replay Attack May Let Remote Users Send Mail
7278| [1011532] Postfix Buffer Error May Prevent Remote Users from Being Able to Authenticate Using SMTPD AUTH
7279| [1007382] Postfix Bounce Messages Let Remote Users Scan for Open Ports on Other Hosts
7280| [1007381] Postfix Address Resolver Parsing Bug Lets Remote Users Hang the System
7281| [1002756] Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
7282|
7283| OSVDB - http://www.osvdb.org:
7284| [94034] Linux Kernel Broadcom B43 Wireless Driver b43_request_firmware Function fwpostfix modprobe Parameter Format String Local Privilege Escalation
7285| [78567] Postfix Admin backup.php Unspecified SQL Injection
7286| [78566] Postfix Admin functions.inc.php pacrypt() Function Unspecified SQL Injection
7287| [78565] Postfix Admin create-domain.php Unspecified SQL Injection
7288| [78564] Postfix Admin Unspecified XSS
7289| [78563] Postfix Admin edit-alias.php Unspecified XSS
7290| [78562] Postfix Admin create-alias.php Unspecified XSS
7291| [78561] Postfix Admin create-domain.php Unspecified XSS
7292| [78560] Postfix Admin templates/edit-vacation.php domain Parameter XSS
7293| [78559] Postfix Admin templates/menu.php domain Parameter XSS
7294| [72259] Postfix SMTP Cyrus SASL Authentication Context Data Reuse Memory Corruption
7295| [71021] Postfix STARTTLS Arbitrary Plaintext Command Injection
7296| [68340] Artica postfix.events.php Unrestricted Access Information Disclosure
7297| [61983] SUSE Linux postfix Network Interface Remote Access Restriction Bypass
7298| [58325] Debian GNU/Linux postfix postfix.postinst Symlink Arbitrary File Overwrite
7299| [49634] Postfix postfix_groups.pl Multiple Temporary File Symlink Arbitrary File Overwrite
7300| [48973] Apple Mac OS X Postfix Network Access Configuration Weakness
7301| [48108] Postfix epoll File Descriptor Leak Local DoS
7302| [47659] Postfix Cross-user Filename Local Mail Interception
7303| [47658] Postfix Hardlink to Symlink Mailspool Arbitrary Content Append
7304| [43888] policyd-weight for Postfix Socket Handling Unspecified Arbitrary File Manipulation
7305| [38091] policyd for Postfix sockets.c read_w() Function SMTP Command Remote Overflow
7306| [22381] Kolab Server Secure SMTP postfix.log Authentication Credential Disclosure
7307| [13470] Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay
7308| [12339] SQLgrey Postfix greylisting service Unspecified SQL Injection
7309| [12200] Apple Mac OS X Postfix CRAM-MD5 Replay Credentials
7310| [11571] SQLgrey Postfix greylisting Email Address SQL Injection
7311| [10545] Postfix Multiple Mail Header SMTP listener DoS
7312| [10544] Postfix Malformed Envelope Address nqmgr DoS
7313| [10500] Apple Mac OS X Postfix SMTPD AUTH Username Overflow DoS
7314| [6551] Postfix Bounce Scan / Packet Amplification DDoS
7315| [1991] Postfix SMTP Log DoS
7316|_
993/tcp open ssl/imaps?
995/tcp open ssl/pop3s?
3690/tcp open svnserve Subversion
7320| vulscan: VulDB - https://vuldb.com:
7321| [135452] Computrols CBAS 18.0.0 subversion information disclosure
7322| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
7323| [114456] Subversion Plugin up to 2.10.2 on Jenkins SubversionStatus.java information disclosure
7324| [107449] Jenkins Subversion Plugin cross site request forgery
7325| [107073] Apple Xcode up to 8.3.3 subversion privilege escalation
7326| [105248] Subversion up to 1.8.19/1.9.6/1.10.0-alpha3 svn+ssh:// URL Shell privilege escalation
7327| [103563] Subversion 5.11 on RHEL5 mod_dontdothat Memory Consumption denial of service
7328| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
7329| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
7330| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
7331| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
7332| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
7333| [77876] Apple Xcode up to 6.4 subversion spoofing
7334| [77875] Apple Xcode up to 6.4 subversion denial of service
7335| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
7336| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
7337| [74675] Subversion up to 1.7.19/1.8.11 mod_dav_svn Server spoofing
7338| [74674] Subversion up to 1.7.19/1.8.11 mod_dav_svn/svnserve denial of service
7339| [74673] Subversion up to 1.8.11 mod_dav_svn Server REPORT Request Memory Consumption denial of service
7340| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
7341| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
7342| [70661] Apache Subversion up to 1.6.17 denial of service
7343| [70660] Apache Subversion up to 1.6.17 spoofing
7344| [70659] Apache Subversion up to 1.6.17 spoofing
7345| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
7346| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
7347| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
7348| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
7349| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
7350| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
7351| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
7352| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
7353| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
7354| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
7355| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
7356| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
7357| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
7358| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
7359| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
7360| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
7361| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
7362| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
7363| [6928] Microsoft .NET Framework up to 4 Path Subversion Libraries privilege escalation
7364| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
7365| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
7366| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
7367| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
7368| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
7369| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
7370| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
7371| [49314] Subversion up to 0.35.0 Integer memory corruption
7372| [37291] Subversion 1.4.3 information disclosure
7373|
7374| MITRE CVE - https://cve.mitre.org:
7375| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
7376| [CVE-2013-2112] The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
7377| [CVE-2013-2088] contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
7378| [CVE-2013-1968] Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
7379| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
7380| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
7381| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
7382| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
7383| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
7384| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
7385| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
7386| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
7387| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
7388| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
7389| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
7390| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
7391| [CVE-2009-2411] Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
7392| [CVE-2008-1290] ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
7393| [CVE-2007-6350] scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
7394| [CVE-2007-3846] Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
7395| [CVE-2007-2448] Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
7396| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
7397| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
7398| [CVE-2004-0749] The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
7399| [CVE-2004-0413] libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
7400| [CVE-2004-0397] Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
7401| [CVE-2004-0179] Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
7402|
7403| SecurityFocus - https://www.securityfocus.com/bid/:
7404| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
7405| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
7406| [99574] Jenkins Subversion Plugin CVE-2017-1000085 Cross Site Request Forgery Vulnerability
7407| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
7408| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
7409| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
7410| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
7411| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
7412| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
7413| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
7414| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
7415| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
7416| [75484] CollabNet Subversion Edge Multiple Security Vulnerabilities
7417| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
7418| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
7419| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
7420| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
7421| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
7422| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
7423| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
7424| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
7425| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
7426| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
7427| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
7428| [63864] Jenkins Subversion Plugin CVE-2013-6372 Credentials Disclosure Vulnerability
7429| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
7430| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
7431| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
7432| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
7433| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
7434| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
7435| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
7436| [58896] Subversion 'mod_dav_svn' CVE-2013-1845 Denial of Service Vulnerability
7437| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
7438| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
7439| [48091] Subversion 'mod_dav_svn' Multiple Denial of Service and Information Disclosure Vulnerabilities
7440| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
7441| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
7442| [43678] Subversion Server 'SVNPathAuthz' Restriction Security Bypass Vulnerability
7443| [43378] CollabNet Subversion Edge Log Parser HTML Injection Vulnerability
7444| [35983] Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
7445| [26384] USVN Subversion Repository Information Disclosure Vulnerability
7446| [25468] Subversion for Windows Remote Directory Traversal Vulnerability
7447| [24463] Subversion Remote Revision Property Information Disclosure Vulnerability
7448| [11243] Subversion Mod_Authz_Svn Metadata Information Disclosure Vulnerability
7449| [10800] Subversion 'mod_authz_svn' Access Control Bypass Vulnerabilities
7450| [10519] Subversion SVN Protocol Parser Remote Integer Overflow Vulnerability
7451| [10428] Subversion Pre-Commit-Hook Template Undisclosed Vulnerability
7452| [10386] Subversion Date Parsing Function Buffer Overflow Vulnerability
7453| [5290] Multiple Vendor Web Browser JavaScript Modifier Keypress Event Subversion Vulnerability
7454| [1023] Realsecure CGI Attack Subversion Vulnerability
7455| [1022] Realsecure DoS Attack Subversion Vulnerability
7456|
7457| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7458| [85983] Apache Subversion mod_dav_svn module denial of service
7459| [84719] Apache Subversion CVE-2013-2088 command execution
7460| [84718] Apache Subversion CVE-2013-2112 denial of service
7461| [84717] Apache Subversion CVE-2013-1968 denial of service
7462| [83263] Apache Subversion denial of service
7463| [83262] Apache Subversion denial of service
7464| [83261] Apache Subversion denial of service
7465| [83259] Apache Subversion denial of service
7466| [82663] Apache Subversion svn_fs_file_length() denial of service
7467| [67804] Apache Subversion control rules information disclosure
7468| [67803] Apache Subversion control rules denial of service
7469| [67802] Apache Subversion baselined denial of service
7470| [65876] Apache Subversion mod_dav_svn denial of service
7471| [64473] Apache Subversion blame -g denial of service
7472| [64472] Apache Subversion walk() denial of service
7473| [62236] Subversion WebDAV module security bypass
7474| [61949] CollabNet Subversion Edge logs cross-site scripting
7475| [53083] Subversion libsvn_delta library buffer overflow
7476| [52499] Application Logic Subversion
7477| [38365] Userfriendly SVN Subversion information disclosure
7478| [36312] Subversion filename directory traversal
7479| [34990] Subversion partial access information disclosure
7480| [17472] Subversion mod_authz_svn information disclosure
7481| [16803] Subversion mod_authz_svn bypass read restrictions
7482| [16396] Subversion svn protocol buffer overflow
7483| [16345] Subversion pre-commit-hook insecure script
7484| [16191] Subversion date parsing allows command execution
7485|
7486| Exploit-DB - https://www.exploit-db.com:
7487| [21636] Opera 6.0.1,MS IE 5/6 JavaScript Modifier Keypress Event Subversion Vulnerability
7488| [16284] Subversion Date Svnserve
7489| [9935] Subversion 1.0.2 - Date Overflow
7490| [4537] Subversion 0.3.7/1.0.0 - Remote Buffer Overflow Exploit
7491| [304] Subversion 1.0.2 - svn_time_from_cstring() Remote Exploit
7492|
7493| OpenVAS (Nessus) - http://www.openvas.org:
7494| [870654] RedHat Update for subversion RHSA-2011:0258-01
7495| [870610] RedHat Update for subversion RHSA-2011:0328-01
7496| [870444] RedHat Update for subversion RHSA-2011:0861-01
7497| [870442] RedHat Update for subversion RHSA-2011:0862-01
7498| [870406] RedHat Update for subversion RHSA-2011:0327-01
7499| [870397] RedHat Update for subversion RHSA-2011:0257-01
7500| [863323] Fedora Update for subversion FEDORA-2011-8341
7501| [863295] Fedora Update for subversion FEDORA-2011-8352
7502| [862924] Fedora Update for subversion FEDORA-2011-2698
7503| [862918] Fedora Update for subversion FEDORA-2011-2657
7504| [862797] Fedora Update for subversion FEDORA-2011-0099
7505| [862666] Fedora Update for subversion FEDORA-2010-16148
7506| [862480] Fedora Update for subversion FEDORA-2010-16136
7507| [862476] Fedora Update for subversion FEDORA-2010-16115
7508| [861141] Fedora Update for subversion FEDORA-2007-2635
7509| [840674] Ubuntu Update for subversion USN-1144-1
7510| [840621] Ubuntu Update for subversion vulnerability USN-1096-1
7511| [840580] Ubuntu Update for subversion vulnerabilities USN-1053-1
7512| [831415] Mandriva Update for subversion MDVSA-2011:106 (subversion)
7513| [831366] Mandriva Update for subversion MDVSA-2011:067 (subversion)
7514| [831306] Mandriva Update for subversion MDVSA-2011:006 (subversion)
7515| [831199] Mandriva Update for subversion MDVSA-2010:199 (subversion)
7516| [69958] Debian Security Advisory DSA 2251-1 (subversion)
7517| [69755] FreeBSD Ports: subversion
7518| [69345] Slackware Advisory SSA:2011-070-01 subversion
7519| [69146] FreeBSD Ports: subversion
7520| [69116] Debian Security Advisory DSA 2181-1 (subversion)
7521| [68819] FreeBSD Ports: subversion
7522| [68459] Debian Security Advisory DSA 2118-1 (subversion)
7523| [66423] Mandriva Security Advisory MDVSA-2009:199-1 (subversion)
7524| [64762] Gentoo Security Advisory GLSA 200908-05 (subversion)
7525| [64663] CentOS Security Advisory CESA-2009:1203 (subversion)
7526| [64659] FreeBSD Ports: subversion, subversion-freebsd, p5-subversion, py-subversion
7527| [64652] Ubuntu USN-812-1 (subversion)
7528| [64648] Slackware Advisory SSA:2009-219-01 subversion
7529| [64642] SuSE Security Advisory SUSE-SA:2009:044 (subversion)
7530| [64634] Debian Security Advisory DSA 1855-1 (subversion)
7531| [64620] Fedora Core 11 FEDORA-2009-8449 (subversion)
7532| [64618] Fedora Core 10 FEDORA-2009-8432 (subversion)
7533| [64606] Mandrake Security Advisory MDVSA-2009:199 (subversion)
7534| [54691] Gentoo Security Advisory GLSA 200409-35 (Subversion)
7535| [54627] Gentoo Security Advisory GLSA 200407-20 (subversion)
7536| [54592] Gentoo Security Advisory GLSA 200406-07 (dev-util/subversion)
7537| [54574] Gentoo Security Advisory GLSA 200405-14 (subversion)
7538| [52460] FreeBSD Ports: subversion
7539| [52373] FreeBSD Ports: subversion, subversion-perl, subversion-python
7540| [14800] Subversion Module unreadeable path information disclosure
7541| [13848] Subversion Module File Restriction Bypass
7542| [12284] Subversion SVN Protocol Parser Remote Integer Overflow
7543|
7544| SecurityTracker - https://www.securitytracker.com:
7545| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
7546| [1025619] Subversion mod_dav_svn May Disclose Unreadable Files to Remote Users in Certain Cases
7547| [1025618] Subversion mod_dav_svn SVNPathAuthz Infinite Memory Allocation Loop Lets Remote Users Deny Service
7548| [1025617] Subversion mod_dav_svn Baselined WebDAV Request Processing Lets Remote Users Deny Service
7549| [1025161] Subversion mod_dav_svn Null Pointer Dereference Lets Remote Users Deny Service
7550| [1024935] Subversion 'rev_hunt.c' Memory Consumption Error Lets Remote Users Execute Arbitrary Code
7551| [1024934] Subversion SVNParentPath Collection Processing Error Lets Remote Users Execute Arbitrary Code
7552| [1024504] Subversion mod_dav_svn Bug Lets Remote Users Bypass Certain Access Controls
7553| [1022697] Subversion Heap Overflow in libsvn_delta Library Lets Remote Users Execute Arbitrary Code
7554| [1018617] Subversion Windows Client Input Validation Flaw in filename Parameter Lets Remote Authenticated Users Create/Overwrite Files
7555| [1018237] Subversion Discloses Potentially Sensitive Revision Properties to Remote Authenticated Users in Certain Cases
7556| [1011390] Subversion mod_authz_svn Discloses Metadata to Remote Users
7557| [1010779] Subversion mod_authz_svn Lets Remote Authenticated Users View Restricted Sections
7558| [1010469] Subversion Buffer Overflow in 'svn://' Parser Lets Remote Users Execute Arbitrary Code
7559| [1010209] Subversion Date Parsing Buffer Overflow Lets Remote Users Execute Arbitrary Code
7560|
7561| OSVDB - http://www.osvdb.org:
7562| [96083] Lenovo ThinkPad QCtray.exe Path Subversion Arbitrary DLL Injection Code Execution
7563| [96059] NetworkMiner Path Subversion Arbitrary DLL Injection Code Execution
7564| [95996] Karotz autorunwifi Python Path Subversion Local Privilege Escalation
7565| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
7566| [94934] Corel PDF Fusion wintab32.dll Path Subversion Arbitrary DLL Injection Code Execution
7567| [94830] AjaXplorer Subversion Repository Plugin (meta.svn) revert_file Request revision Parameter Remote Command Execution
7568| [94647] JRuby Search Path Subversion Local Privilege Escalation
7569| [94094] Splunk for Windows Universal Forwarder Path Subversion Local Privilege Escalation
7570| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
7571| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
7572| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
7573| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
7574| [92853] autojump /etc/profile.d/autojump.sh Path Subversion Arbitrary File Creation
7575| [92648] Global Mapper dwmapi.dll / ibfs32.dll Path Subversion Arbitrary DLL Injection Code Execution
7576| [92310] Opera Third-party App Search Bar Service Subversion Weakness
7577| [92118] Nitro Pro Path Subversion Arbitrary DLL Injection Code Execution
7578| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
7579| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
7580| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
7581| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
7582| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
7583| [91878] Mozilla Multiple Products Updater Path Subversion Arbitrary DLL Loading Local Privilege Escalation
7584| [91655] gquilt PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7585| [91654] snappea PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7586| [91653] mMass PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7587| [91652] Calendar and Contacts Server (calendarserver) PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7588| [91651] Pybliographer PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7589| [91650] GNUmed PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7590| [91649] ironpython PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7591| [91648] OpenDNSSEC PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7592| [91647] PyMca PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7593| [91646] Guake PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7594| [91645] Gnome-schedule PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7595| [91644] distcc PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7596| [91261] Automatic Bug Reporting Tool (ABRT) plugins/abrt-action-install-debuginfo-to-abrt-cache.c PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation
7597| [91169] XFree86 x11perf x11perfcomp Search Path Subversion Local Privilege Escalation
7598| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
7599| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
7600| [90664] Photodex ProShow Producer Multiple Library Path Subversion Arbitrary DLL Injection Code Execution
7601| [90268] mora Downloader Path Subversion Local Privilege Escalation
7602| [89630] IBM InfoSphere Information Server Import Export Manager Path Subversion Arbitrary DLL Injection Code Execution
7603| [89483] Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software Path Subversion Arbitrary DLL Injection Code Execution
7604| [89066] XMind eclipse_1206.dll Path Subversion Arbitrary DLL Injection Code Execution
7605| [88788] Rand Mail Handler Multiple Utility Path Subversion Local Privilege Escalation
7606| [88778] GNU Emacs Local Variables outline.el Path Subversion Local Privilege Escalation
7607| [88698] libpng makefile.s2x Path Subversion Arbitrary File Loading Weakness
7608| [88667] Ubuntu AppArmor Unconfined Ux Rules PATH Subversion Application Sandbox Bypass
7609| [88497] Puppet External Program Call Path Subversion Local Privilege Escalation
7610| [88096] Panda Internet Security Multiple Library Path Subversion Arbitrary DLL Injection Code Execution
7611| [87943] Facter Search Path Subversion Local Privilege Escalation
7612| [87590] Mozilla Firefox Installer Path Subversion Arbitrary DLL Injection Code Execution
7613| [87265] Microsoft .NET Framework Path Subversion Arbitrary DLL Injection Code Execution
7614| [87119] VMware Multiple Product Path Subversion Arbitrary DLL Injection Code Execution
7615| [87057] Sophos Anti-Virus Updater Service sophos_autoupdate1.dir/ Directory Path Subversion Local Privilege Escalation
7616| [86179] ActiveTcl on Windows Path Subversion Arbitrary DLL Injection Code Execution
7617| [86178] Python on Windows Path Subversion Arbitrary DLL Injection Code Execution
7618| [86177] ActivePerl on Windows Path Subversion Arbitrary DLL Injection Code Execution
7619| [86176] ActivePython on Windows Path Subversion Arbitrary DLL Injection Code Execution
7620| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
7621| [86174] Zend Server on Windows Path Subversion Arbitrary DLL Injection Code Execution
7622| [86173] RubyInstaller on Windows Path Subversion Arbitrary DLL Injection Code Execution
7623| [86172] PHP on Windows Path Subversion Arbitrary DLL Injection Code Execution
7624| [85992] Procomp Amazonia Industria Electronia (Diebold) Brazil SEC Voting Machine Integrity Check Subversion Weakness
7625| [85957] VMware Movie Decoder Path Subversion Arbitrary DLL Injection Code Execution
7626| [85840] Microsoft Windows lpApplicationName Function Path Subversion Local Privilege Escalation
7627| [85774] Foxit Reader fxdecod1.dll Path Subversion Arbitrary DLL Injection Code Execution
7628| [85578] Cisco VPN Client Path Subversion Arbitrary DLL Injection Code Execution
7629| [85477] VMware Multiple Product tpfc.dll Path Subversion Arbitrary DLL Injection Code Execution
7630| [85302] Xtreme RAT dwmapi.dll Path Subversion Path Subversion Arbitrary DLL Injection Code Execution
7631| [85257] REALWINDEMO realwin.dll / keyhook.dll Path Subversion Path Subversion Arbitrary DLL Injection Code Execution
7632| [85123] CyberLink Multiple Product Multiple Library Path Subversion Path Subversion Arbitrary DLL Injection Code Execution
7633| [84903] sblim-sfcb sfcb LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
7634| [84865] Foxit Reader Facebook Plugin dwmapi.dll Path Subversion Arbitrary DLL Injection Code Execution
7635| [84124] Symantec Backup Exec System Recovery imapi.dll Path Subversion Arbitrary DLL Injection Code Execution
7636| [84111] Invensys Wonderware Multiple Product Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7637| [84110] Siemens SIMATIC STEP 7 / PCS 7 Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7638| [83763] GNU Automake distcheck Installation Permission Weakness File Subversion Local Privilege Escalation
7639| [83723] Python python-wrapper Path Subversion Local Privilege Escalation
7640| [83655] Microsoft Visual Basic for Applications Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7641| [83566] IRIX day5notifier PATH Variable Subversion Arbitrary Command Execution
7642| [83453] Microsoft Windows ProfileList Registry Key Permission Weakness User Profile Subversion
7643| [83405] Apple QuickTime quicktime.util.QTByteObject Initialization CLASSPATH Path Subversion Arbitrary Code Execution
7644| [83251] Google Chrome for Windows metro_driver.dll Path Subversion Arbitrary DLL Injection Code Execution Weakness
7645| [83163] IBM Lotus Expeditor Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7646| [83140] IBM AIX fortune LIBPATH Path Subversion Local Privilege Escalation
7647| [82852] Microsoft Lync Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7648| [82840] Check Point EndPoint Connect Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7649| [82776] Red Hat Linux resizecons Path Subversion Local Privilege Escalation
7650| [82233] Measuresoft ScadaPro Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7651| [82003] 3DVIA Composer dwmapi.dll / ibfs32.dll Path Subversion Arbitrary DLL Injection Code Execution
7652| [82002] 3D XML Player dwmapi.dll / JT0DevPhase.dll Path Subversion Arbitrary DLL Injection Code Execution
7653| [81960] Google Chrome for Windows NPAPI Plugins Search Path Subversion Local Privilege Escalation
7654| [81702] WellinTech KingView Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7655| [81558] KMPlayer ehtrace.dll Path Subversion Arbitrary DLL Injection Code Execution
7656| [81544] Ettercap exchndl.dll / quserex.dll DLL Subversion
7657| [81472] JustSystems Multiple Product Path Subversion Arbitrary DLL Injection Code Execution
7658| [81457] Xunlei Thunder Path Subversion Arbitrary DLL Injection Code Execution
7659| [81248] Adobe Reader / Acrobat msiexec.exe Path Subversion Executable File Injection Code Execution
7660| [80031] moviEZ HD avrt.dll Path Subversion Arbitrary DLL Injection Code Execution
7661| [80030] Vegas Movie Studio HD enc_mp2v.200 / CFHDDecoder.dll Path Subversion Arbitrary DLL Injection Code Execution
7662| [80029] DVD Architect Pro / Studio enc_mp2v.200 / CFHDDecoder.dll Path Subversion Arbitrary DLL Injection Code Execution
7663| [80028] Jam Trax Xpress sage.dll Path Subversion Arbitrary DLL Injection Code Execution
7664| [80001] Microsoft Expression Design Path Subversion Arbitrary DLL Injection Code Execution
7665| [79408] 7-Technologies AQUIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7666| [79407] 7-Technologies TERMIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7667| [79215] ALFTP readme.exe Path Subversion Executable File Injection Code Execution
7668| [79129] PDFXChange Viewer Path Subversion Arbitrary DLL Injection Code Execution
7669| [79128] SoMud P2P Path Subversion Arbitrary DLL Injection Code Execution
7670| [79127] Steam Games Path Subversion Arbitrary DLL Injection Code Execution
7671| [79126] SMPlayer Path Subversion Arbitrary DLL Injection Code Execution
7672| [79125] Roxio Central Path Subversion Arbitrary DLL Injection Code Execution
7673| [79124] Forensic CaseNotes Path Subversion Arbitrary DLL Injection Code Execution
7674| [79123] Omnipeek Personal Path Subversion Arbitrary DLL Injection Code Execution
7675| [79122] Muvee Reveal Path Subversion Arbitrary DLL Injection Code Execution
7676| [79121] Moovida Media Player Path Subversion Arbitrary DLL Injection Code Execution
7677| [79120] Microsoft Live Writer Path Subversion Arbitrary DLL Injection Code Execution
7678| [79118] Microsoft RDP Client Path Subversion Arbitrary DLL Injection Code Execution
7679| [79117] Microsoft Windows Program Group Path Subversion Arbitrary DLL Injection Code Execution
7680| [79116] Microsoft Snapshot Viewer Path Subversion Arbitrary DLL Injection Code Execution
7681| [79115] Microsoft MS Clip Book Viewer Path Subversion Arbitrary DLL Injection Code Execution
7682| [79114] Microsoft Clip Organizer Path Subversion Arbitrary DLL Injection Code Execution
7683| [79113] Microsoft Movie Maker Path Subversion Arbitrary DLL Injection Code Execution
7684| [79112] Microsoft Virtual PC Path Subversion Arbitrary DLL Injection Code Execution
7685| [79111] Mediamonkey Path Subversion Arbitrary DLL Injection Code Execution
7686| [79110] Kineti Count Path Subversion Arbitrary DLL Injection Code Execution
7687| [79109] Inkscape Path Subversion Arbitrary DLL Injection Code Execution
7688| [79108] IBM Rational License Key Administrator Path Subversion Arbitrary DLL Injection Code Execution
7689| [79107] Forensic Toolkit Path Subversion Arbitrary DLL Injection Code Execution
7690| [79106] Encase Path Subversion Arbitrary DLL Injection Code Execution
7691| [79105] gDoc Fusion Path Subversion Arbitrary DLL Injection Code Execution
7692| [79104] Citrix ICA Client Path Subversion Arbitrary DLL Injection Code Execution
7693| [79103] HexWorkshop Path Subversion Arbitrary DLL Injection Code Execution
7694| [79102] Brava PDF Reader Path Subversion Arbitrary DLL Injection Code Execution
7695| [79101] Aviscreen Pro Path Subversion Arbitrary DLL Injection Code Execution
7696| [79100] Aladdin eToken PKI Client Path Subversion Arbitrary DLL Injection Code Execution
7697| [79099] Adobe Fireworks Path Subversion Arbitrary DLL Injection Code Execution
7698| [78986] SciTools Understand Path Subversion Arbitrary DLL Injection Code Execution
7699| [78832] GhostScript -P- Option Path Subversion Arbitrary PostScript DLL Injection Code Execution
7700| [78725] MindManager Path Subversion Arbitrary DLL Injection Code Execution
7701| [78328] 7-Technologies Interactive Graphical SCADA System (IGSS) Path Subversion Arbitrary DLL Injection Code Execution
7702| [78212] Microsoft Windows Object Packager Path Subversion packager.exe Loading Remote Code Execution
7703| [77741] RSA SecurID Software Token Path Subversion Arbitrary DLL Injection Code Execution
7704| [77674] Microsoft IE Path Subversion Arbitrary DLL Injection Code Execution
7705| [77668] Microsoft Office PowerPoint Path Subversion Arbitrary DLL Injection Code Execution
7706| [77594] FFFTP readme.exe Path Subversion Executable File Injection Code Execution
7707| [76901] Microsoft Windows Mail / Windows Meeting Space Path Subversion Arbitrary DLL Injection Code Execution
7708| [76771] Attachmate Reflection Path Subversion Arbitrary DLL Injection Code Execution
7709| [76624] FFFTP notepad.exe Path Subversion Arbitrary Program Execution
7710| [76569] Network Security Services NSS_NoDB_Init() Function pkcss11.txt library Directive Path Subversion Arbitrary Security Module Loading
7711| [76457] IBM DB2 Tivoli Monitoring Agent (ITMA) kbbacf1 libkbb.so Path Subversion Arbitrary DLL Injection Code Execution
7712| [76456] IBM DB2 Tivoli Monitoring Agent (ITMA) db2rspgn libkbb.so Path Subversion Arbitrary DLL Injection Code Execution
7713| [76231] Microsoft Windows Active Accessibility Path Subversion Arbitrary DLL Injection Code Execution
7714| [76205] Microsoft Windows Media Center Path Subversion Arbitrary DLL Injection Code Execution
7715| [75491] Progea Movicon / PowerHMI dwmapi.dll Path Subversion Arbitrary DLL Injection Code Execution
7716| [75458] eSignal JRS_UT.dll Path Subversion Arbitrary DLL Injection Code Execution
7717| [75382] Microsoft Windows Shell Extensions Path Subversion Arbitrary DLL Injection Code Execution
7718| [75379] Microsoft Office MSO.dll Path Subversion Arbitrary DLL Injection Code Execution
7719| [75347] Wireshark DLL Hijacking Path Subversion Local Privilege Escalation
7720| [75289] GTK+ modules/engines/ms-windows/xp_theme.c uxtheme.dll Path Subversion Arbitrary DLL Injection Code Execution
7721| [75225] GnuCash Perl.exe Path Subversion Executable File Injection Code Execution
7722| [75140] GTK+ gdk/win32/gdkinput-win32.c Wintab32.dll Path Subversion Arbitrary DLL Injection Code Execution
7723| [75075] PDF-Pro dwmapi.dll Path Subversion Arbitrary DLL Injection Code Execution
7724| [74750] libgssglue GSSAPI_MECH_CONF Environment Variable Path Subversion Local Privilege Escalation
7725| [74634] Linux Kernel perf Configuration Loading Path Subversion Local Privilege Escalation
7726| [74583] Mozilla Multiple Products ThinkPadSensor::Startup() Function Path Subversion Arbitrary DLL Injection Code Execution
7727| [74408] Microsoft Windows Data Access Tracing Component Path Subversion Arbitrary DLL Injection Code Execution
7728| [74330] Oracle Java JRE Path Subversion Executable File Injection Code Execution
7729| [74316] Foxit Reader Multiple Library Path Subversion Arbitrary DLL Injection Code Execution
7730| [73665] Effective File Search Path Subversion Arbitrary DLL Injection Code Execution
7731| [73660] Microsoft Visio Path Subversion Arbitrary DLL Injection Code Execution
7732| [73654] Microsoft Windows fxsst.dll Path Subversion DLL Injection Code Execution
7733| [73619] XnView File Search Path Subversion Executable File Injection Code Execution
7734| [73586] Donar Player Path Subversion Arbitrary DLL Injection Code Execution
7735| [73420] Oracle Sun Microsystems SunScreen Firewall Java Service Path Subversion Local Privilege Escalation
7736| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
7737| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
7738| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
7739| [73080] Oracle Java SE / JRE Java Web Start DLL Search Path Subversion Arbitrary DLL Injection Code Execution
7740| [73062] Adobe Reader / Acrobat Unspecified Path Subversion Arbitrary DLL Injection Code Execution
7741| [72907] FirstClass Client quserex.dll Path Subversion Arbitrary DLL Injection Code Execution
7742| [72899] ACDSee Picture Frame Manager ShellIntMgrPFMU.dll Path Subversion Arbitrary DLL Injection Code Execution
7743| [72898] ACDSee FotoSlate dwmapi.dll Path Subversion Arbitrary DLL Injection Code Execution
7744| [72897] ACDSee Photo Editor 2008 Path Subversion Arbitrary DLL Injection Code Execution
7745| [72894] PDFill PDF Editor mfc70u.dll Path Subversion Arbitrary DLL Injection Code Execution
7746| [72547] Red Hat Directory Server Multiple Script LD_LIBRARY_PATH Path Subversion Local Privilege Escalation
7747| [72401] Nagios XI /usr/local/nagiosxi/scripts/reset_config_perms chmod Path Subversion Local Privilege Escalation
7748| [71767] Microsoft Office Path Subversion Arbitrary DLL Injection Code Execution
7749| [71574] AOL Instant Messenger (AIM) Path Subversion Arbitrary DLL Injection Code Execution
| [71573] Google Desktop Path Subversion Arbitrary DLL Injection Code Execution
| [71477] FlipAlbum Vista Pro Path Subversion Arbitrary DLL Injection Code Execution
| [71476] Internet Download Manager Path Subversion Arbitrary DLL Injection Code Execution
| [71475] Orbit Downloader Path Subversion Arbitrary DLL Injection Code Execution
| [71413] Lunascape Path Subversion Arbitrary DLL Injection Code Execution
| [71411] SAP GUI Path Subversion Arbitrary DLL Injection Code Execution
| [71376] Adobe Reader / Acrobat Path Subversion Arbitrary DLL Injection Code Execution
| [71360] Audacity Path Subversion Arbitrary DLL Injection Code Execution
| [71354] Nessus Client on Windows Path Subversion Arbitrary DLL Injection Code Execution
| [71316] Secunia PSI Schannel.dll Path Subversion Arbitrary DLL Injection Code Execution
| [71281] Google Picasa Path Subversion Arbitrary DLL Injection Code Execution
| [71086] Microsoft Visual Studio MFC Applications Path Subversion Arbitrary DLL Injection Code Execution
| [71085] Accounting Pro 2003 Path Subversion Arbitrary DLL Injection Code Execution
| [71084] Rafe 7 Path Subversion Arbitrary DLL Injection Code Execution
| [71083] Brilliant Accounting System Path Subversion Arbitrary DLL Injection Code Execution
| [71082] Sahar Money Manager Path Subversion Arbitrary DLL Injection Code Execution
| [71081] Holoo Path Subversion Arbitrary EXE Injection Code Execution
| [71080] Xilisoft Video Converter Path Subversion Arbitrary DLL Injection Code Execution
| [71015] Microsoft Windows DirectShow Path Subversion Arbitrary DLL Injection Code Execution
| [71014] Microsoft Windows Remote Desktop Client Path Subversion Arbitrary DLL Injection Code Execution
| [70964] Subversion mod_dav_svn Lock Token NULL Dereference DoS
| [70939] mintty Path Subversion Arbitrary DLL Injection Code Execution
| [70919] Adobe Flash Player Path Subversion Arbitrary DLL Injection Code Execution
| [70716] OpenOffice.org (OOo) soffice LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [70633] DATEV Grundpaket Basis Path Subversion Arbitrary DLL Injection Code Execution
| [70604] Lunascape Path Subversion Arbitrary DLL Injection Code Execution
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [70273] ImgBurn ImgBurn.exe Path Subversion Arbitrary DLL Injection Code Execution
| [70000] Microsoft Windows Remote Access Phonebook (rasphone.exe) Path Subversion Arbitrary EXE Injection Code Execution
| [69985] AttacheCase Path Subversion Arbitrary EXE Injection Code Execution
| [69948] Ecava IntegraXor Path Subversion Arbitrary DLL Injection Code Execution
| [69816] Microsoft Windows BranchCache Path Subversion Arbitrary DLL Injection Code Execution
| [69763] Altova Multiple Products Path Subversion Arbitrary DLL Injection Code Execution
| [69677] Babylon Path Subversion Arbitrary DLL Injection Code Execution
| [69645] Intel Threading Building Blocks (TBB) Path Subversion Arbitrary DLL Injection Code Execution
| [69641] NorduGrid Advanced Resource Connector LD_LIBRARY_PATH Path Subversion Local Privilege Escalation
| [69636] WebEx Meeting Manager WebexUCFObject ActiveX Path Subversion Arbitrary DLL Injection Code Execution
| [69629] Adobe Device Central Path Subversion Arbitrary DLL Injection Code Execution
| [69623] WaveMax Sound Editor Path Subversion Arbitrary DLL Injection Code Execution
| [69615] Google Earth Path Subversion Arbitrary DLL Injection Code Execution
| [69587] Kindle for PC Path Subversion Arbitrary DLL Injection Code Execution
| [69503] McAfee VirusScan Enterprise Path Subversion Arbitrary DLL Injection Code Execution
| [69487] Kontakt Player Path Subversion Arbitrary DLL Injection Code Execution
| [69486] Reaktor 5 Player Path Subversion Arbitrary DLL Injection Code Execution
| [69445] ImageMagick configure.c Search Path Subversion Local Privilege Escalation
| [69325] Mono metadata/loader.c Path Subversion Local Privilege Escalation
| [69298] GnuCash gnc-test-env LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [69287] CollabNet Subversion Edge Log Parser XSS
| [69250] IBM OmniFind estaskwrapper ES_LIBRARY_PATH Path Subversion Local Privilege Escalation
| [69233] Sysinternals Process Explorer Path Subversion Arbitrary DLL Injection Code Execution
| [69108] GNOME Tomboy Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [69107] Gromacs GMXRC.bash LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [69106] GNOME Shell gnome-shell LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [69105] Novell Banshee Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [69104] CSTR Festival festival_server LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [69077] Acoustica Path Subversion Arbitrary DLL Injection Code Execution
| [69072] FL Studio Path Subversion Arbitrary DLL Injection Code Execution
| [68979] Advantage Data Architect Path Subversion Arbitrary DLL Injection Code Execution
| [68958] GVim Path Subversion Arbitrary DLL Injection Code Execution
| [68957] ACDSee Canvas Path Subversion Arbitrary DLL Injection Code Execution
| [68946] Microsoft Windows DAO Object Library Path Subversion Arbitrary DLL Injection Code Execution
| [68919] Nero Products Path Subversion Arbitrary DLL Injection Code Execution
| [68918] Windows Server 2008 Color Control Panel Path Subversion Arbitrary DLL Injection Code Execution
| [68917] YokkaSoft Products Path Subversion Arbitrary EXE Injection Code Execution
| [68916] Sleipnir Path Subversion Arbitrary DLL Injection Code Execution
| [68915] Photodex ProShow Producer Path Subversion Arbitrary DLL Injection Code Execution
| [68914] Wondershare Flash Gallery Factory Path Subversion Arbitrary DLL Injection Code Execution
| [68913] AutoPlay Media Studio Path Subversion Arbitrary DLL Injection Code Execution
| [68912] GetRight Path Subversion Arbitrary DLL Injection Code Execution
| [68911] Wondershare DVD Slideshow Builder Path Subversion Arbitrary DLL Injection Code Execution
| [68858] Notepad++ Path Subversion Arbitrary DLL Injection Code Execution
| [68857] Microsoft Windows XP wscript.exe Path Subversion Arbitrary DLL Injection Code Execution
| [68853] Mozilla Multiple Products on Linux Unspecified Application-launch Script LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68852] Mozilla Multiple Products Path Subversion Arbitrary DLL Injection Code Execution (2010-3181)
| [68810] GNU TeXmacs Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68809] Magics++ magics-config LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68808] OCF Resource Agents Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68807] Video Disk Recorder (VDR) vdrleaktest LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68806] Userspace Tracer (UST) usttrace LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68805] TuxGuitar LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68804] TORCS Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68802] TeamSpeak Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68801] Tuning and Analysis Utilities (TAU) tauex LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68800] Tangerine Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68799] Scilab Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68798] SALOME Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68796] ROOT Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68795] mono-debugger Multiple Script LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68794] Mn_Fit LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68793] Mistelix LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68792] VIPS vips-7.22 LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68790] roaraudio roarify LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68789] lastfm LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68788] IKE Multiple Script LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68781] Hipo LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68780] HenPlus JDBC SQL-Shell LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68779] Ember LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68778] Dropbox dropboxd LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68777] Cowbell LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68776] Bristol startBristol LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68775] bareFTP LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68768] Apsaly Path Subversion Arbitrary DLL Injection Code Execution
| [68766] TeraPad Path Subversion Arbitrary DLL Injection Code Execution
| [68765] Ardour LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68737] Adobe Flash Player Path Subversion Arbitrary DLL Injection Code Execution
| [68736] Adobe Flash Player (IE Version) Path Subversion Arbitrary DLL Injection Code Execution
| [68735] Lhaplus Path Subversion Arbitrary Executable Injection Code Execution
| [68731] Archive Decoder Path Subversion Arbitrary Executable Injection Code Execution
| [68727] Explzh Path Subversion Arbitrary DLL Injection Code Execution
| [68717] Cool iPhone Ringtone Maker Path Subversion Arbitrary DLL Injection Code Execution
| [68716] Free 3GP Video Converter Path Subversion Arbitrary DLL Injection Code Execution
| [68715] PCDJ Karaoki Path Subversion Arbitrary Executable Injection Code Execution
| [68713] Phoenix Project Manager Path Subversion Arbitrary DLL Injection Code Execution
| [68702] Ease Jukebox Path Subversion Arbitrary DLL Injection Code Execution
| [68699] K2Editor Path Subversion Arbitrary Executable Injection Code Execution
| [68697] XacRett Path Subversion Arbitrary Executable Injection Code Execution
| [68665] VCam Path Subversion Arbitrary DLL Injection Code Execution
| [68664] STDU Explorer Path Subversion Arbitrary DLL Injection Code Execution
| [68663] MEO Encryption Software Path Subversion Arbitrary DLL Injection Code Execution
| [68659] SmartFTP Path Subversion Arbitrary DLL Injection Code Execution
| [68653] GNOME Subtitles gnome-subtitles LD_LIBRARY_PATH Path Subversion Local Privilege Escalation
| [68616] Lhaplus Path Subversion Arbitrary DLL Injection Code Execution
| [68611] Lhasa Path Subversion Executable File Injection Arbitrary Code Execution
| [68530] Dupehunter Professional Path Subversion Arbitrary DLL Injection Code Execution
| [68379] Digital Music Pad Path Subversion Arbitrary DLL Injection Code Execution
| [68378] LINGO Path Subversion Arbitrary DLL Injection Code Execution
| [68377] TuneUp Utilities Path Subversion Arbitrary DLL Injection Code Execution
| [68375] VirIT eXplorer Path Subversion Arbitrary DLL Injection Code Execution
| [68374] Nitro PDF Reader Path Subversion Arbitrary DLL Injection Code Execution
| [68366] Qt Creator LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
| [68328] Subversion mod_dav_svn Module authz.c svn Command Access Restriction Bypass
| [68259] SLURM slurmdbd LD_LIBRARY_PATH Path Subversion Local Privilege Escalation
| [68258] SLURM slurm LD_LIBRARY_PATH Path Subversion Local Privilege Escalation
| [68230] SmartSniff Path Subversion Arbitrary DLL Injection Code Execution
| [68229] Prof-UIS Path Subversion Arbitrary DLL Injection Code Execution
| [68228] YLoader Path Subversion Arbitrary DLL Injection Code Execution
| [68227] Gromada Multimedia Conversion Library Path Subversion Arbitrary DLL Injection Code Execution
| [68226] MunSoft Easy Office Recovery Path Subversion Arbitrary DLL Injection Code Execution
| [68225] Sothink SWF Decompiler Path Subversion Arbitrary DLL Injection Code Execution
| [68224] SnowFox Total Video Converter Path Subversion Arbitrary DLL Injection Code Execution
| [68223] Agrin All DVD Ripper Path Subversion Arbitrary DLL Injection Code Execution
| [68222] Fotobook Editor Path Subversion Arbitrary DLL Injection Code Execution
| [68221] SWiSH Max3 Path Subversion Arbitrary DLL Injection Code Execution
| [68220] VideoCharge Studio Path Subversion Arbitrary DLL Injection Code Execution
| [68159] Python on Gentoo python-updater Module Search Path Subversion Local Privilege Escalation
| [68155] Subversion Edge Log Viewing Unspecified XSS
| [68118] ALSee Path Subversion Arbitrary DLL Injection Code Execution
| [68075] Qt QtCore4.dll Path Subversion Arbitrary DLL Injection Code Execution
| [68037] CelFrame Multiple Office Products Path Subversion Arbitrary DLL Injection Code Execution
| [68017] e-press ONE Office Multiple Product Path Subversion Arbitrary DLL Injection Code Execution
| [68016] Adobe LiveCycle Designer Path Subversion Arbitrary DLL Injection Code Execution
| [68015] ALShow Path Subversion Arbitrary DLL Injection Code Execution
| [68014] ALZip Path Subversion Arbitrary DLL Injection Code Execution
| [68013] Kingsoft Office 2010 Path Subversion Arbitrary DLL Injection Code Execution
| [68012] Sorax Reader Path Subversion Arbitrary DLL Injection Code Execution
| [68011] Nuance PDF Reader Path Subversion Arbitrary DLL Injection Code Execution
| [68010] IBM Lotus Symphony Path Subversion Arbitrary DLL Injection Code Execution
| [68009] NCP Secure Entry Client Path Subversion Arbitrary DLL Injection Code Execution
| [67995] UltraEdit Path Subversion Arbitrary DLL Injection Code Execution
| [67993] QuickBooks Path Subversion Arbitrary DLL Injection Code Execution
| [67992] BlackBerry Desktop Software Path Subversion Arbitrary DLL Injection Code Execution
| [67991] Qualcomm eXtensible Diagnostic Monitor (QXDM) Path Subversion Arbitrary DLL Injection Code Execution
| [67990] jetAudio Path Subversion Arbitrary DLL Injection Code Execution
| [67989] MAGIX Samplitude Producer Path Subversion Arbitrary DLL Injection Code Execution
| [67977] Microsoft Visual C++ Redistributable Path Subversion Arbitrary DLL Injection Code Execution
| [67976] CouchDB on Debian GNU / Linux couchdb Patch Search Path Subversion Crafted Shared Library Local Privilege Escalation
| [67960] Apple Safari on Windows Path Subversion Arbitrary DLL Injection Code Execution
| [67821] PDF-XChange Viewer Path Subversion Arbitrary DLL Injection Code Execution
| [67787] PhotoImpact Path Subversion Arbitrary DLL Injection Code Execution
| [67786] L0phtCrack Path Subversion Arbitrary DLL Injection Code Execution
| [67784] Microsoft Windows Media Encoder Path Subversion Arbitrary DLL Injection Code Execution
| [67783] Microsoft Windows SDK for Windows 7 / .NET Framework 4 GraphEdit Path Subversion Arbitrary DLL Injection Code Execution
| [67782] Symantec PGP Desktop Path Subversion Arbitrary DLL Injection Code Execution
| [67781] KeePass Password Safe Path Subversion Arbitrary DLL Injection Code Execution
| [67780] Pixia Path Subversion Arbitrary DLL Injection Code Execution
| [67778] Pthreads-win32 Path Subversion Arbitrary DLL Injection Code Execution
| [67767] WinMerge Path Subversion Arbitrary DLL Injection Code Execution
| [67766] TortoiseSVN Path Subversion Arbitrary DLL Injection Code Execution
| [67765] MPLAB IDE Path Subversion Arbitrary DLL Injection Code Execution
| [67764] NetStumbler Path Subversion Arbitrary DLL Injection Code Execution
| [67763] GFI Backup Path Subversion Arbitrary DLL Injection Code Execution
| [67762] ArchiCAD Path Subversion Arbitrary DLL Injection Code Execution
| [67759] Sound Forge Pro Path Subversion Arbitrary DLL Injection Code Execution
| [67758] HTTrack Path Subversion Arbitrary DLL Injection Code Execution
| [67752] Nokia PC Suite Path Subversion Arbitrary DLL Injection Code Execution
| [67751] BS Contact Path Subversion Arbitrary DLL Injection Code Execution
| [67750] Atlantis Studio Path Subversion Arbitrary DLL Injection Code Execution
| [67749] IBM Lotus Notes Path Subversion Arbitrary DLL Injection Code Execution
| [67744] DVDFab Path Subversion Arbitrary DLL Injection Code Execution
| [67729] IsoBuster Path Subversion Arbitrary DLL Injection Code Execution
| [67728] Sophos Free Encryption Path Subversion Arbitrary DLL Injection Code Execution
| [67727] UltraISO Path Subversion Arbitrary DLL Injection Code Execution
| [67726] SiSoftware Sandra Path Subversion Arbitrary DLL Injection Code Execution
| [67725] QtWeb Browser Path Subversion Arbitrary DLL Injection Code Execution
| [67724] Virtual DJ Path Subversion Arbitrary DLL Injection Code Execution
| [67723] WinImage Path Subversion Arbitrary DLL Injection Code Execution
| [67722] Microsoft Windows Internet Connection Signup Wizard Path Subversion Arbitrary DLL Injection Code Execution
| [67707] UltraVNC Viewer Path Subversion Arbitrary DLL Injection Code Execution
| [67695] Adobe Captivate Path Subversion Arbitrary DLL Injection Code Execution
| [67694] Maxthon Browser Path Subversion Arbitrary DLL Injection Code Execution
| [67678] Adobe Audition Path Subversion Arbitrary DLL Injection Code Execution
| [67675] CDisplay Path Subversion Arbitrary DLL Injection Code Execution
| [67674] Microsft Visual Studio Path Subversion Arbitrary DLL Injection Code Execution
| [67610] Irfan View Path Subversion Arbitrary DLL Injection Code Execution
| [67609] Yahoo! Messenger Path Subversion Arbitrary DLL Injection Code Execution
| [67608] Pidgin Path Subversion Arbitrary DLL Injection Code Execution
| [67607] Adobe Acrobat Reader Path Subversion Arbitrary DLL Injection Code Execution
| [67606] Google Chrome Path Subversion Arbitrary DLL Injection Code Execution
| [67605] Google Talk (gTalk) Path Subversion Arbitrary DLL Injection Code Execution
| [67604] Google Picasa Path Subversion Arbitrary DLL Injection Code Execution
| [67603] Google Desktop Path Subversion Arbitrary DLL Injection Code Execution
| [67602] Apple QuickTime on Windows Path Subversion Arbitrary DLL Injection Code Execution
| [67601] Foxit Reader Path Subversion Arbitrary DLL Injection Code Execution
| [67600] Microsoft Windows Media Player Path Subversion Arbitrary DLL Injection Code Execution
| [67599] Microsoft Windows Live Messenger Path Subversion Arbitrary DLL Injection Code Execution
| [67598] Microsoft Office OneNote Path Subversion Arbitrary DLL Injection Code Execution
| [67597] Microsoft Office Word Path Subversion Arbitrary DLL Injection Code Execution
| [67596] Microsoft Office Excel Path Subversion Arbitrary DLL Injection Code Execution
| [67595] Microsoft Office Access Path Subversion Arbitrary DLL Injection Code Execution
| [67594] Microsoft Outlook Path Subversion Arbitrary DLL Injection Code Execution
| [67591] Apple QuickTime PictureViewer Path Subversion Arbitrary DLL Injection Code Execution
| [67590] Nero Path Subversion Arbitrary DLL Injection Code Execution
| [67589] Bentley Microstation Path Subversion Arbitrary DLL Injection Code Execution
| [67587] CyberLink PowerDirector Path Subversion Arbitrary DLL Injection Code Execution
| [67586] CyberLink Power2Go Path Subversion Arbitrary DLL Injection Code Execution
| [67585] DivX Plus Player Path Subversion Arbitrary DLL Injection Code Execution
| [67583] Roxio MyDVD Path Subversion Arbitrary DLL Injection Code Execution
| [67582] Corel PHOTO-PAINT Path Subversion Arbitrary DLL Injection Code Execution
| [67581] DAEMON Tools Lite Path Subversion Arbitrary DLL Injection Code Execution
| [67579] Ettercap Path Subversion Arbitrary DLL Injection Code Execution
| [67574] NVIDIA Driver Path Subversion Arbitrary DLL Injection Code Execution
| [67573] WinDVD Path Subversion Arbitrary DLL Injection Code Execution
| [67567] Roxio Photosuite Path Subversion Arbitrary DLL Injection Code Execution
| [67566] Adobe Extension Manager CS5 Path Subversion Arbitrary DLL Injection Code Execution
| [67563] Adobe InDesign Path Subversion Arbitrary DLL Injection Code Execution
| [67562] Adobe On Location Path Subversion Arbitrary DLL Injection Code Execution
| [67554] Adobe Premier Pro Path Subversion Arbitrary DLL Injection Code Execution
| [67553] Microsoft Windows Contacts Path Subversion Arbitrary DLL Injection Code Execution
| [67552] Microsoft Windows Internet Communication Settings Path Subversion Arbitrary DLL Injection Code Execution
| [67551] Microsoft Windows Indeo Codec (ac25_32.ax) Path Subversion Arbitrary DLL Injection Code Execution
| [67550] Adobe ExtendedScript Toolkit CS5 Path Subversion Arbitrary DLL Injection Code Execution
| [67549] TeamMate Audit Management Software Suite Path Subversion Arbitrary DLL Injection Code Execution
| [67548] Microsoft Windows Vista BitLocker Drive Encryption Path Subversion Arbitrary DLL Injection Code Execution
| [67547] Apple Safari on Windows Path Subversion Arbitrary DLL Injection Code Execution
| [67546] Microsoft Visio Path Subversion Arbitrary DLL Injection Code Execution
| [67545] Adobe Photoshop Path Subversion Arbitrary DLL Injection Code Execution
| [67544] BS.Player Path Subversion Arbitrary DLL Injection Code Execution
| [67543] Microsoft Windows Movie Maker Path Subversion Arbitrary OCX Injection Code Execution
| [67542] Autodesk AutoCAD 2007 Path Subversion Arbitrary DLL Injection Code Execution
| [67541] PuTTY Path Subversion Arbitrary DLL Injection Code Execution
| [67540] Skype Path Subversion Arbitrary DLL Injection Code Execution
| [67539] Google Earth Path Subversion Arbitrary DLL Injection Code Execution
| [67538] CorelDRAW Path Subversion Arbitrary DLL Injection Code Execution
| [67535] Microsoft Windows Progman Group Converter Path Subversion Arbitrary DLL Injection Code Execution
| [67534] Adobe Illustrator Path Subversion Arbitrary DLL Injection Code Execution
| [67533] Adobe Device Central Path Subversion Arbitrary DLL Injection Code Execution
| [67532] Winamp Path Subversion Arbitrary DLL Injection Code Execution
| [67531] RealPlayer SP Path Subversion Arbitrary DLL Injection Code Execution
| [67530] uTorrent Path Subversion Arbitrary DLL Injection Code Execution
| [67504] Wireshark Path Subversion Arbitrary DLL Injection Code Execution
| [67503] Microsoft Outlook Express Path Subversion Arbitrary DLL Injection Code Execution
| [67502] Mozilla Multiple Products Path Subversion Arbitrary DLL Injection Code Execution (2010-3131)
| [67501] Autodesk Design Review Path Subversion Arbitrary DLL Injection Code Execution
| [67500] Microsoft Windows Live Mail Path Subversion Arbitrary DLL Injection Code Execution
| [67498] Opera Path Subversion Arbitrary DLL Injection Code Execution
| [67497] Cisco Packet Tracer Path Subversion Arbitrary DLL Injection Code Execution
| [67496] Roxio Media Creator Path Subversion Arbitrary DLL Injection Code Execution
| [67495] PKZIP Path Subversion Arbitrary DLL Injection Code Execution
| [67494] IZArc Path Subversion Arbitrary DLL Injection Code Execution
| [67493] Adobe Dreamweaver Path Subversion Arbitrary DLL Injection Code Execution
| [67492] VLC Media Player Path Subversion Arbitrary DLL Injection Code Execution
| [67484] Microsoft Office Groove Path Subversion Arbitrary DLL Injection Code Execution
| [67483] Microsoft Office PowerPoint Path Subversion Arbitrary DLL Injection Code Execution
| [67482] TeamViewer Path Subversion Arbitrary DLL Injection Code Execution
| [67481] avast! Antivirus Path Subversion Arbitrary DLL Injection Code Execution
| [67480] Camtasia Studio Path Subversion Arbitrary DLL Injection Code Execution
| [67479] Snagit Path Subversion Arbitrary DLL Injection Code Execution
| [67478] 010 Editor Path Subversion Arbitrary DLL Injection Code Execution
| [67329] Apple iTunes for Windows Path Subversion Arbitrary DLL Injection Code Execution
| [61569] Quick Heal AntiVirus Product Files Path Subversion Local Privilege Escalation
| [60568] Dstat Plugins Subdirectory Search Path Subversion Python Code Execution Local Privilege Escalation
| [60522] libtool libltdl ltdl.c Library Search Path Subversion Local Privilege Escalation
| [60511] Dstat Plugins Subdirectory Search Path Subversion Python Code Execution Local Privilege Escalation
| [60336] HP-UX rs.F300 PATH Environment Variable Subversion Local Privilege Escalation
| [60330] Qpopper PATH Variable Search Path Subversion Arbitrary Code Execution
| [60180] McAfee VirusScan WebScanX.exe Module DLL Search Path Subversion Local Privilege Escalation
| [60038] amaya on Debian RPATH Search Path Subversion Local Privilege Escalation
| [60028] QNX RTOS ptrace Running Process Subversion Arbitrary Code Execution
| [60022] SAS/Base sastcpd authprog Environment Variable Subversion Arbitrary Code Execution
| [59290] IRIX InPerson inpview Path Subversion Local Privilege Escalation
| [58548] Premier Election Solutions (Diebold) AccuVote-TSX Memory Card BallotStation.exe Subversion Local Privilege Escalation
| [58403] avast! Home / Professional for Windows avast4.ini ashWsFtr.dll Subversion Local Privilege Escalation
| [58049] Sequoia AVC Edge Audit Trail System Files Subversion
| [57740] X Windows (X11R4) -L Linked Binary Path Subversion Handling Local Privilege Escalation
| [57678] SunOS .cshrc Path Subversion Local Privilege Escalation
| [56856] Subversion libsvn_delta Library Binary Delta svndiff Stream Parsing Multiple Overflows
| [56734] Asbolute Software Computrace LoJack for Laptops Call Home Process Subversion
| [56494] QNX RTOS phgrafx-startup PATH Variable Subversion Local Privilege Escalation
| [56493] QNX RTOS phrafx PATH Variable Subversion Local Privilege Escalation
| [56432] Microsoft IE onclick Action Mouse Click Subversion (Clickjacking)
| [55718] OCS Inventory Unified Agent Module Search Path Subversion Local Privilege Escalation
| [54537] GTK2 in OpenSUSE Unspecified Search Path Subversion Arbitrary Local Code Execution
| [54343] Russ Allbery pam-krb5 Kerberos Library Initialization Subversion Local Privilege Escalation
| [53529] Xpdf in Gentoo poppler Library Search Path Subversion Local Privilege Escalation
| [53373] Python PySys_SetArgv API Function Search Path Subversion Local Privilege Escalation
| [53305] PDFjam Multiple Scripts Search Path Subversion Local Privilege Escalation
| [53000] Gnumeric GObject Python Interpreter Wrapper Search Path Subversion Arbitrary Code Execution
| [52999] dash login shell .profile Search Path Subversion Arbitrary Code Execution
| [52850] trickle trickle-overload.so LD_PRELOAD Search Path Subversion Local Arbitrary Code Execution
| [52746] Adobe Flash Player on Linux RPATH Variable Search Path Subversion Local Privilege Escalation
| [51515] Ganglia gmetad Service Path Request Subversion Remote DoS
| [50302] Microsoft .NET Framework Strong Name Implementation DLL File Public Key Token Subversion Multiple Mechanism Authentication Bypass
| [50296] Blender BPY_interface sys.path Search Path Subversion Local Privilege Escalation
| [50262] valgrind .valgrindrc File Option Handling Search Path Subversion Arbitrary Local Program Execution
| [50244] Adobe Reader / Acrobat on *nix Insecure RPATH Search Path Subversion Privilege Escalation
| [50059] Gentoo Linux Portage Multiple ebuild Python Module Search Path Subversion Local Privilege Escalation
| [48581] Diebold AccuVote-TSX Smart Cart Authentication Protocol Subversion
| [47728] Oracle Database Scheduler extjob Path Subversion Local Privilege Escalation
| [47664] Ingres ingvalidpw Search Path Subversion Local Privilege Escalation
| [47449] Citrix MetaFrame Presentation Server icabar.exe Search Path Subversion Local Privilege Escalation
| [46784] SUSE Linux zen-remover Wrapper Script Search Path Subversion Local Privilege Escalation
| [46783] SUSE Linux zen-installer Wrapper Script Search Path Subversion Local Privilege Escalation
| [46782] SUSE Linux zen-updater Wrapper Script Search Path Subversion Local Privilege Escalation
| [46781] SUSE Linux rug Wrapper Script Search Path Subversion Local Privilege Escalation
| [46643] OpenOffice.org (OOo) on Red Hat Enterprise Linux Path RPATH Library Path Subversion Local Privilege Escalation
| [46547] Red Hat Linux sblim RPATH Variable Search Path Subversion Local Privilege Escalation
| [46308] reportbug-ng Search Path Subversion Arbitrary Code Execution
| [46307] reportbug Search Path Subversion Arbitrary Code Execution
| [46204] VMware Multiple Products vmware-authd Search Path Subversion Local Privilege Escalation
| [45450] Zango Downloads Adware Component DNS Server Download Subversion
| [45449] ACT P202S IP Phone Hardcoded NTP Server IP Time Subversion
| [45448] ZyXEL P2000W VOIP WIFI Phone Hardcoded DNS Server Subversion Weakness
| [45447] Bitrix Site Manager Update Functionality DNS Subversion Update Download Verification Failure
| [45249] Tor Low Resource Node Advertisement Spoofing Route Subversion
| [45187] VLC modules / plugins Subdirectory Search Path Subversion Local Privilege Escalation
| [45014] CVSup ELF Unspecified Executables RPATH Field Path Subversion Local Privilege Escalation
| [44158] SuSE Linux yast2-core Search Path Subversion Arbitrary Code Execution
| [44137] scponly Multiple Subcommands Crafted Subversion (SVN) Repository Restriction Bypass
| [43691] IBM AIX usr/sbin/chnfsmnt Path Subversion Local Privilege Escalation
| [43655] IBM AIX bos.loc.com.JP Search Path Subversion Local Privilege Escalation
| [43654] IBM AIX devices.common.IBM.fc.hba-api Multiple Scripts Search Path Subversion Local Privilege Escalation
| [43652] IBM AIX Unspecified Search Path Subversion Local Privilege Escalation
| [43148] RemotelyAnywhere RAMaint Service Path Subversion Local Privilege Escalation
| [42970] Net Activity Viewer src/mainwindow.c Search Path Subversion Local Privilege Escalation
| [42810] apt-listchanges apt-listchanges.py Search Path Subversion Local Privilege Escalation
| [42794] IBM AIX man Search Path Subversion Local Privilege Escalation
| [41630] IBM DB2 Universal Database db2pd DB2INSTANCE Environment Variable Search Path Subversion Local Privilege Escalation
| [41493] Adobe Reader / Acrobat Search Path Subversion Security Provider Library Local Privilege Escalation
| [41036] Microsoft IE DLL Search Path Subversion Local Privilege Escalation
| [40983] IBM DB2 Universal Database db2pd Search Path Subversion Local Privilege Escalation
| [40982] IBM DB2 Universal Database db2licm Search Path Subversion Local Privilege Escalation
| [40981] IBM DB2 Universal Database on AIX Unspecified Search Path Subversion Local Privilege Escalation
| [40980] IBM DB2 Universal Database on Unix FMP Startup Search Path Subversion Local Privilege Escalation
| [40119] Subversion on Windows Filename Repository Filename Traversal Arbitrary File Overwrite
| [40091] VMware Multiple Products Windows Search Path Subversion Local Privilege Escalation
| [39580] SuSE Linux banshee LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
| [39579] Liferea LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
| [39578] SuSE Linux tomboy LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
| [39577] SuSE Linux blam LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
| [38192] Subversion (SVN) pre-commit-hook Template Unspecified Insecure Script
| [38191] Subversion (SVN) AIX Client Unspecified Overflow
| [36070] Subversion (SVN) partial access Privilege Remote Information Disclosure
| [35668] ELinks add_filename_to_string() Path Subversion Format String Local Privilege Escalation
| [35457] LDAP Account Manager (LAM) lamdaemon.pl PATH Subversion Local Privilege Escalation
| [35456] Fedora Core Linux libtool-ltdl library (libltdl.so) Path Subversion Local Privilege Escalation
| [35407] chetcpasswd PATH Variable Subversion Local Privilege Escalation
| [35275] krb5 on Mandriva Linux Module Loading Subversion Local Privilege Escalation
| [34903] PostgreSQL SECURITY DEFINER Functions Search Path Subversion Local Privilege Escalation
| [34103] Microsoft Windows Web Proxy Autodiscovery Protocol (WPAD) DNS Subversion
| [33356] Kerio Personal Firewall (SKPF) iphlpapi.dll Subversion Local Privilege Escalation
| [32749] OpenBase SQL Path Subversion Local Privilege Escalation
| [32690] Rumpus Path Subversion Privilege Escalation
| [32654] HP PML Driver HPZ12 Path Subversion Local Privilege Escalation
| [31605] Apple Mac OS X /sbin/service Path Subversion Privilege Escalation
| [31295] McAfee VirusScan for Linux DT_RPATH Variable Path Subversion Privilege Escalation
| [30745] SSH Tectia Multiple Products Search Path Subversion Local Privledge Escalation
| [30450] 4D WebSTAR libucache.dylib Path Subversion Privilege Escalation
| [30356] Linux libtunepimp-perl Search Path Subversion Local Privilege Escalation
| [30355] Linux libgpib-perl Path Subversion Local Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [30235] OpenBase SQL openexec PATH Variable Subversion Local Privilege Escalation
| [29793] OpenBase SQL gnutar Path Subversion Local Privilege Escalation
| [29457] IBM AIX acctctl Path Subversion Local Privilege Escalation
| [29188] IBM AIX bos.rte.lvm mkvg Path Subversion Local Privilege Escalation
| [29185] IBM AIX bos.net.uucp uucp Path Subversion Privilege Escalation
| [29132] Diebold AccuVote External Flash Drive Boot Subversion
| [29084] BlackICE PC Protection pamversion.dll Path Subversion Local Privilege Escalation
8137| [29084] BlackICE PC Protection pamversion.dll Path Subversion Local Privilege Escalation
8138| [28226] IBM AIX mkvg Path Subversion Local Privilege Escalation
8139| [27846] Microsoft Windows Winlogon Search Path Subversion Local Privilege Escalation
8140| [27785] CA eTrust Antivirus WebScan ActiveX Control Crafted File Update Subversion
8141| [27738] Apple Mac OS X dyld Search Path Subversion Arbitrary Code Execution
8142| [27039] WebEx Downloader Plug-in ActiveX/Java Source Subversion Arbitrary Program Execution
8143| [26145] XAMPP Installation Path Subversion Local Privilege Escalation
8144| [25818] AWStats AWSTATS_ENABLE_CONFIG_DIR Path Subversion Privilege Escalation
8145| [25161] EMC Retrospect Retrospect.exe Path Subversion Local Privilege Escalation
8146| [25131] TrueCrypt External Command Path Subversion Local Privilege Escalation
8147| [24701] Symantec LiveUpdate for Macintosh Path Subversion Local Privilege Escalation
8148| [23942] Beagle beagle-status Path Subversion Arbitrary Command Execution
8149| [23829] ZoneAlarm Security Suite VSMON.exe Path Subversion Local Privilege Escalation
8150| [23583] NCP Secure Entry Client ncprwsnt Path Subversion Local Privilege Escalation
8151| [23504] Safe'nSec snsmcon.exe Path Subversion Local Privilege Escalation
8152| [23111] SUSE Linux ld RPATH Variable Subversion Privilege Escalation
8153| [22970] OProfile opcontrol Path Subversion Privilege Escalation
8154| [22967] QNX Neutrino RTOS crttrap LD_LIBRARY_PATH Subversion Privilege Escalation
8155| [22963] QNX Neutrino RTOS phfont Path Subversion Privilege Escalation
8156| [22916] Macromedia Multiple Products Licensing Service Path Subversion Local Privilege Escalation
8157| [22757] WehnTrust Path Subversion Local Privilege Escalation
8158| [22703] Check Point VPN-1 SecureClient SR_Watchdog.exe Path Subversion Local Privilege Escalation
8159| [22702] SunJavaUpdateSched jusched.exe Path Subversion Local Privilege Escalation
8160| [22094] XnView RPATH Subversion Local Privilege Escalation
8161| [22093] NView RPATH Subversion Local Privilege Escalation
8162| [21011] VMware Workstation Search Path Subversion Local Privilege Escalation
8163| [21010] RealPlayer Path Subversion Local Privilege Escalation
8164| [21009] Kaspersky Anti-Virus Search Path Subversion Local Privilege Escalation
8165| [20988] Apple iTunes iTunesHelper.exe Path Subversion Local Privilege Escalation
8166| [20115] Symantec Norton Anti-Virus DiskMountNotify Path Subversion Privilege Escalation
8167| [19982] SuSE Linux beagle LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
8168| [19486] Enigmail Crafted Key Import Encryption Subversion
8169| [19289] Gentoo net-snmp Perl Modules DT_RPATH Subversion Local Privilege Escalation
8170| [17963] IBM AIX sysback Path Subversion Privilege Escalation
8171| [17088] Microsoft AntiSpyware gsasDtServ.exe Path Subversion Privilege Escalation
8172| [15890] Opera Gentoo Linux Plugin Path Subversion Privilege Escalation
8173| [15825] dBpowerAMP Music Converter Path Subversion Privilege Escalation
8174| [15818] BitDefender Path Subversion Security Bypass
8175| [15624] Musicmatch MMFWLaunch.exe Path Subversion Privilege Escalation
8176| [15355] ifinfo Path Subversion Arbitrary Program Execution
8177| [15164] ACPI BIOS MBR Bootable Partition Subversion DoS
8178| [14554] SAP DB lserver Path Subversion Privilege Escalation
8179| [14316] Qt Library Path Subversion Arbitrary Code Execution
8180| [13823] VMware Workstation gdk-pixbuf Path Subversion Privilege Escalation
8181| [13798] xitetris PATH Environment Variable Subversion Privilege Escalation
8182| [13797] itetris PATH Environment Variable Subversion Privilege Escalation
8183| [13796] GTK+ Library gtk_program GTK_MODULES Variable Subversion Privilege Escalation
8184| [13758] Red Hat Linux restore RSH Environment Variable Subversion Local Privilege Escalation
8185| [13747] Red Hat Linux dump RSH Environment Variable Subversion Privilege Escalation
8186| [13539] Red Hat Linux abuse.console PATH Subversion Privilege Escalation
8187| [13513] Slackware Linux Default PATH Subversion Privilege Escalation
8188| [13364] GNU Common C++ keydata Config File Path Subversion
8189| [12616] IBM AIX lsmcode Path Subversion Privilege Escalation
8190| [12615] IBM AIX diag_exec Path Subversion Privilege Escalation
8191| [12614] IBM AIX invscoutd Path Subversion Privilege Escalation
8192| [12531] IBM AIX invscout Path Subversion Privilege Escalation
8193| [12530] IBM AIX chcod Path Subversion Privilege Escalation
8194| [12529] IBM AIX Dctrl Environment Variable Path Subversion Privilege Escalation
8195| [12435] ChangePassword changepassword.cgi PATH Subversion Local Privilege Escalation
8196| [12315] Slackware Linux rc.M quotacheck -M Filesystem Security Subversion
8197| [12298] Adobe Version Cue startserver.sh PATH Subversion Local Privilege Escalation
8198| [12297] Adobe Version Cue stopserver.sh PATH Subversion Local Privilege Escalation
8199| [12214] QNX Neutrino RTOS PATH Environment Variable Subversion Local Privilege Escalation
8200| [12012] PHPNetToolpack PATH Subversion Local Privilege Escalation
8201| [11870] LuxMan Maped PATH Subversion Privilege Escalation
8202| [11716] sudo Bash Script Subversion Arbitrary Command Execution
8203| [11354] HP-UX CDE PATH Variable Subversion Privilege Escalation
8204| [11293] KDE KDEDIR Path Subversion Privilege Escalation
8205| [11189] FreeBSD bmon Port Relative Path Subversion Privilege Escalation
8206| [11028] HP-UX stmkfont Path Subversion Local Privilege Escalation
8207| [10217] Subversion (SVN) mod_authz_svn Unreadable Path Metadata Information Disclosure
8208| [9956] QNX RTP crrtrap Path Subversion Race Condition
8209| [9673] IBM U2 UniVerse uvadmsh uv.install PATH Subversion Privilege Escalation
8210| [9611] HP-UX 1999 aserver Path Subversion Local Privilege Escalation
8211| [9610] HP-UX 1998 aserver Path Subversion Local Privilege Escalation
8212| [9602] HP-UX subnetconfig Path Subversion Local Privilege Escalation
8213| [9564] scponly SSH Path Environment Subversion Privilege Escalation
8214| [9456] Oracle dbsnmp PATH Variable Subversion Privilege Escalation
8215| [9455] Oracle dbsnmp ORACLE_HOME Path Subversion Privilege Escalation
8216| [8239] Subversion (SVN) mod_authz_svn Restricted File Access Bypass
8217| [6935] Subversion (SVN) svnserver svn:// Protocol Handler Remote Overflow
8218| [6301] Subversion (SVN) apr_time_t data Conversion Remote Overflow
8219| [6022] Joe's Own Editor (joe) .joerc Path Subversion Arbitrary Command Execution
8220| [5996] FreeBSD seyon PATH Variable Subversion Local Privilege Escalation
8221| [5800] GNU groff Path Environment Subversion Local Privilege Escalation
8222| [2157] Progress Database libjutil.so PATH Subversion Privilege Escalation
8223| [1501] Raptor GFX pgxconfig Path Subversion Local Privilege Escalation
8224| [1420] Secure Locate (slocate) on Red Hat Linux LOCATE_PATH Variable Path Subversion Privilege Escalation
8225| [1259] Linux kreatecd Path Subversion Privilege Escalation
8226| [1196] get_it on Corel Linux Path Subversion Privilege Escalation
8227| [1075] Microsoft Windows NT RASMAN Path Subversion Privilege Escalation
8228| [993] IRIX netprint PATH Subversion Privilege Escalation
8229| [955] INN inndstart INNCONF Path Subversion Privilege Escalation
8230| [614] Unix news uux Path Subversion Arbitrary Command Execution
8231|_
8443/tcp open ssl/https-alt?
9080/tcp closed glrpc
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
8239Service Info: Hosts: localhost.localdomain, gamma.centralprocessingunit.com; OS: Unix
8240
8241Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
8242Nmap done: 1 IP address (1 host up) scanned in 78.71 seconds
8243#######################################################################################################################################
8244Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 00:51 EST
8245Stats: 0:04:16 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
8246NSE Timing: About 71.23% done; ETC: 00:57 (0:01:37 remaining)
8247NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
8248NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
8249NSE: [ftp-brute] passwords: Time limit 10m00s exceeded.
8250Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
8251Host is up (0.53s latency).
8252
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.5b
8255| ftp-brute:
8256| Accounts: No valid accounts found
8257|_ Statistics: Performed 3907 guesses in 603 seconds, average tps: 6.3
8258| vulscan: VulDB - https://vuldb.com:
8259| [138380] ProFTPD 1.3.5b mod_copy Code Execution
8260| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
8261|
8262| MITRE CVE - https://cve.mitre.org:
8263| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
8264| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
8265| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
8266| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
8267| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
8268| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
8269| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
8270| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
8271| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
8272| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
8273| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
8274| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
8275| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
8276| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
8277| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
8278| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
8279| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
8280| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
8281|
8282| SecurityFocus - https://www.securityfocus.com/bid/:
8283| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
8284|
8285| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8286| [80980] ProFTPD FTP commands symlink
8287| [71226] ProFTPD pool code execution
8288| [65207] ProFTPD mod_sftp module denial of service
8289| [64495] ProFTPD sql_prepare_where() buffer overflow
8290| [63658] ProFTPD FTP server backdoor
8291| [63407] mod_sql module for ProFTPD buffer overflow
8292| [63155] ProFTPD pr_data_xfer denial of service
8293| [62909] ProFTPD mod_site_misc directory traversal
8294| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
8295| [53936] ProFTPD mod_tls SSL certificate security bypass
8296| [48951] ProFTPD mod_sql username percent SQL injection
8297| [48558] ProFTPD NLS support SQL injection protection bypass
8298| [45274] ProFTPD URL cross-site request forgery
8299| [33733] ProFTPD Auth API security bypass
8300| [31461] ProFTPD mod_radius buffer overflow
8301| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
8302| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
8303| [30147] ProFTPD sreplace() buffer overflow
8304| [21530] ProFTPD mod_sql format string attack
8305| [21528] ProFTPD shutdown message format string attack
8306| [19410] GProFTPD file name format string attack
8307| [18453] ProFTPD SITE CHGRP command allows group ownership modification
8308| [17724] ProFTPD could allow an attacker to obtain valid accounts
8309| [16038] ProFTPD CIDR entry ACL bypass
8310| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
8311| [12369] ProFTPD mod_sql SQL injection
8312| [12200] ProFTPD ASCII file newline buffer overflow
8313| [10932] ProFTPD long PASS command buffer overflow
8314| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
8315| [7818] ProFTPD ls "
8316| [7816] ProFTPD file globbing denial of service
8317| [7126] ProFTPD fails to resolve hostnames
8318| [6433] ProFTPD format string
8319| [6209] proFTPD /var symlink
8320| [6208] ProFTPD contains configuration error in postinst script when running as root
8321| [5801] proftpd memory leak when using SIZE or USER commands
8322| [5737] ProFTPD system using mod_sqlpw unauthorized access
8323|
8324| Exploit-DB - https://www.exploit-db.com:
8325| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
8326| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
8327| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
8328| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
8329| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
8330| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
8331| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
8332| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
8333| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
8334| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
8335| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
8336|
8337| OpenVAS (Nessus) - http://www.openvas.org:
8338| [103331] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
8339| [63497] Debian Security Advisory DSA 1730-1 (proftpd-dfsg)
8340|
8341| SecurityTracker - https://www.securitytracker.com:
8342| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
8343| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
8344| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
8345| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
8346| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
8347| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
8348| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
8349| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
8350| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
8351| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
8352| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
8353| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
8354| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
8355| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
8356|
8357| OSVDB - http://www.osvdb.org:
8358| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
8359| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
8360| [70868] ProFTPD mod_sftp Component SSH Payload DoS
8361| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
8362| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
8363| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
8364| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
8365| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
8366| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
8367| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
8368| [57310] ProFTPD Multiple Unspecified Overflows
8369| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
8370| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
8371| [57307] ProFTPD Multiple Modules Unspecified Overflows
8372| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
8373| [57305] ProFTPD src/main.c Unspecified Overflow
8374| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
8375| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
8376| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
8377| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
8378| [51849] ProFTPD Character Encoding SQL Injection
8379| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
8380| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
8381| [48411] ProFTPD FTP Command Truncation CSRF
8382| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
8383| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
8384| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
8385| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
8386| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
8387| [23063] ProFTPD mod_radius Password Overflow DoS
8388| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
8389| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
8390| [18270] ProFTPD ftpshut Shutdown Message Format String
8391| [14012] GProftpd gprostats Utility Log Parser Remote Format String
8392| [10769] ProFTPD File Transfer Newline Character Overflow
8393| [10768] ProFTPD STAT Command Remote DoS
8394| [10758] ProFTPD Login Timing Account Name Enumeration
8395| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
8396| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
8397| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
8398| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
8399| [7165] ProFTPD USER Command Memory Leak DoS
8400| [5744] ProFTPD CIDR IP Subnet ACL Bypass
8401| [5705] ProFTPD Malformed cwd Command Format String
8402| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
8403| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
8404| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
8405|_
8406Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
8407Device type: general purpose|storage-misc|firewall|VoIP phone
8408Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Synology DiskStation Manager 5.X (90%), WatchGuard Fireware 11.X (89%), Grandstream embedded (85%)
8409OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/h:grandstream:gxv3275
8410Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 2.6.39 (91%), Linux 3.4 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 3.10 (89%), WatchGuard Fireware 11.8 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
8411No exact OS matches for host (test conditions non-ideal).
8412Network Distance: 11 hops
8413Service Info: OS: Unix
8414
TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 318.40 ms 10.247.204.1
2 477.17 ms 213.184.122.97
3 477.13 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 477.17 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 477.26 ms bzq-219-189-50.dsl.bezeqint.net (62.219.189.50)
6 477.26 ms bzq-179-124-153.cust.bezeqint.net (212.179.124.153)
7 477.30 ms bzq-179-124-42.cust.bezeqint.net (212.179.124.42)
8 678.25 ms xe-11-3-1.cr6-lax2.ip4.gtt.net (141.136.107.41)
9 678.23 ms ip4.gtt.net (69.174.20.70)
10 477.29 ms ip4.gtt.net (69.174.20.70)
11 354.18 ms tss.centralprocessingunit.com (107.152.98.18)
8428######################################################################################################################################
8429http://' + (location.hostname.indexOf(':')>=0?'['+location.hostname+']':location.hostname) + ':8880/javascript/promo-flags.js.php
8430http://www.parallels.com/en/virtuozzo/
8431http://www.parallels.com/intro
8432http://www.parallels.com/products/automation/intro
8433http://www.parallels.com/products/containers/intro
8434http://www.parallels.com/products/desktop/intro
8435http://www.parallels.com/products/desktop/pd4wl/intro
8436http://www.parallels.com/products/panel/intro
8437http://www.parallels.com/products/server/intro
8438######################################################################################################################################
8439http://107.152.98.18 [200 OK] Apache, Country[UNITED STATES][US], HTML5, HTTPServer[Apache], IP[107.152.98.18], Plesk[Lin], Script, Title[Default Parallels Plesk Panel Page], X-Powered-By[PleskLin], X-UA-Compatible[IE=edge]
8440######################################################################################################################################
8441
8442wig - WebApp Information Gatherer
8443
8444
8445Scanning http://107.152.98.18...
8446___________________________________________ SITE INFO ___________________________________________
IP Title
107.152.98.18 Default Parallels Plesk Panel Page
8449
8450____________________________________________ VERSION ____________________________________________
8451Name Versions Type
8452Apache 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.16 | 2.2.17 Platform
8453 2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24
8454 2.2.25 | 2.2.26 | 2.2.27 | 2.2.28 | 2.2.29 | 2.3.0 | 2.3.1
8455 2.3.10 | 2.3.11 | 2.3.12 | 2.3.13 | 2.3.14 | 2.3.15 | 2.3.16
8456 2.3.2 | 2.3.3 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.7 | 2.3.8
8457 2.3.9 | 2.4.0 | 2.4.1 | 2.4.2 | 2.4.3
8458
8459_________________________________________________________________________________________________
8460Time: 98.2 sec Urls: 818 Fingerprints: 40401
8461#######################################################################################################################################
8462Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 01:05 EST
8463NSE: Loaded 163 scripts for scanning.
8464NSE: Script Pre-scanning.
8465Initiating NSE at 01:05
8466Completed NSE at 01:05, 0.00s elapsed
8467Initiating NSE at 01:05
8468Completed NSE at 01:05, 0.00s elapsed
8469Initiating Parallel DNS resolution of 1 host. at 01:05
8470Completed Parallel DNS resolution of 1 host. at 01:05, 0.02s elapsed
8471Initiating SYN Stealth Scan at 01:05
8472Scanning tss.centralprocessingunit.com (107.152.98.18) [1 port]
8473Discovered open port 80/tcp on 107.152.98.18
8474Completed SYN Stealth Scan at 01:05, 0.57s elapsed (1 total ports)
8475Initiating Service scan at 01:05
8476Scanning 1 service on tss.centralprocessingunit.com (107.152.98.18)
8477Completed Service scan at 01:05, 6.77s elapsed (1 service on 1 host)
8478Initiating OS detection (try #1) against tss.centralprocessingunit.com (107.152.98.18)
8479Retrying OS detection (try #2) against tss.centralprocessingunit.com (107.152.98.18)
8480Initiating Traceroute at 01:05
8481Completed Traceroute at 01:06, 1.00s elapsed
8482Initiating Parallel DNS resolution of 11 hosts. at 01:06
8483Completed Parallel DNS resolution of 11 hosts. at 01:06, 0.73s elapsed
8484NSE: Script scanning 107.152.98.18.
8485Initiating NSE at 01:06
8486Completed NSE at 01:07, 114.48s elapsed
8487Initiating NSE at 01:07
8488Completed NSE at 01:07, 2.07s elapsed
8489Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
8490Host is up (0.53s latency).
8491
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd (PleskLin)
8494| http-brute:
8495|_ Path "/" does not require authentication
8496|_http-chrono: ERROR: Script execution failed (use -d to debug)
8497|_http-csrf: Couldn't find any CSRF vulnerabilities.
8498|_http-date: Sun, 10 Nov 2019 06:06:11 GMT; -1s from local time.
8499|_http-dombased-xss: Couldn't find any DOM based XSS.
8500|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
8501|_http-errors: Couldn't find any error pages.
8502|_http-feed: Couldn't find any feeds.
8503|_http-fetch: Please enter the complete path of the directory to save data in.
8504| http-headers:
8505| Date: Sun, 10 Nov 2019 06:06:07 GMT
8506| Server: Apache
8507| Last-Modified: Wed, 22 Jan 2014 11:56:25 GMT
8508| ETag: "1f2148f-2816-4f08dd0738770"
8509| Accept-Ranges: bytes
8510| Content-Length: 10262
8511| X-Powered-By: PleskLin
8512| Connection: close
8513| Content-Type: text/html
8514|
8515|_ (Request type: HEAD)
8516|_http-jsonp-detection: Couldn't find any JSONP endpoints.
8517| http-methods:
8518|_ Supported Methods: GET HEAD POST OPTIONS
8519|_http-mobileversion-checker: No mobile version detected.
8520| http-php-version: Logo query returned unknown hash 78133a00c319ac2a4a758a1163260e10
8521|_Credits query returned unknown hash 78133a00c319ac2a4a758a1163260e10
8522|_http-security-headers:
8523|_http-server-header: Apache
8524| http-sitemap-generator:
8525| Directory structure:
8526| Longest directory structure:
8527| Depth: 0
8528| Dir: /
8529| Total files found (by extension):
8530|_
8531|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
8532|_http-title: Default Parallels Plesk Panel Page
8533| http-vhosts:
8534|_127 names had status 200
8535|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
8536|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
8537|_http-xssed: No previously reported XSS vuln.
8538| vulscan: VulDB - https://vuldb.com:
8911| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
8912| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
8913| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
8914| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
8915| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
8916| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
8917| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
8918| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
8919| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
8920| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
8921| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
8922| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
8923| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
9283| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
9284| [87765] Apache James Server 2.3.2 Command privilege escalation
9285| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
9286| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
9287| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
9288| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
9289| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
9290| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
9291| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
9292| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
9293| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
9294| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9295| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9296| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
9297| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
9298| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
9299| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9300| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9301| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
9302| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
9303| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
9304| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
9305| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
9306| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
9307| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
9308| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
9309| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
9310| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
9311| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
9312| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
9313| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
9314| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
9315| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
9316| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
9317| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
9318| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
9319| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
9320| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
9321| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
9322| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
9323| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
9324| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
9325| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
9326| [82076] Apache Ranger up to 0.5.1 privilege escalation
9327| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
9328| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
9329| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
9330| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
9331| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
9332| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
9333| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
9334| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
9335| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
9336| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
9337| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
9338| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
9339| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
9340| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
9341| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
9342| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
9343| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
9344| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
9345| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
9346| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
9347| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
9348| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
9349| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
9350| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
9351| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
9352| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
9353| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
9354| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
9355| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
9356| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
9357| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
9358| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
9359| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
9360| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
9361| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
9362| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
9363| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
9364| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
9365| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
9366| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
9367| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
9368| [79791] Cisco Products Apache Commons Collections Library privilege escalation
9369| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
9370| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
9371| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
9372| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
9373| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
9374| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
9375| [78989] Apache Ambari up to 2.1.1 Open Redirect
9376| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
9377| [78987] Apache Ambari up to 2.0.x cross site scripting
9378| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
9379| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
9380| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
9381| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9382| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9383| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9384| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9385| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9386| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
9387| [77406] Apache Flex BlazeDS AMF Message XML External Entity
9388| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
9389| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
9390| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
9391| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
9392| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
9393| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
9394| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
9395| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
9396| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
9397| [76567] Apache Struts 2.3.20 unknown vulnerability
9398| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
9399| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
9400| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
9401| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
9402| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
9403| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
9404| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
9405| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
9406| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
9407| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
9408| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
9409| [74793] Apache Tomcat File Upload denial of service
9410| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
9411| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
9412| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
9413| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
9414| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
9415| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
9416| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
9417| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
9418| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
9419| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
9420| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
9421| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
9422| [74468] Apache Batik up to 1.6 denial of service
9423| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
9424| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
9425| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
9426| [74174] Apache WSS4J up to 2.0.0 privilege escalation
9427| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
9428| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
9429| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
9430| [73731] Apache XML Security unknown vulnerability
9431| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
9432| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
9433| [73593] Apache Traffic Server up to 5.1.0 denial of service
9434| [73511] Apache POI up to 3.10 Deadlock denial of service
9435| [73510] Apache Solr up to 4.3.0 cross site scripting
9436| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
9437| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
9438| [73173] Apache CloudStack Stack-Based unknown vulnerability
9439| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
9440| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
9441| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
9442| [72890] Apache Qpid 0.30 unknown vulnerability
9443| [72887] Apache Hive 0.13.0 File Permission privilege escalation
9444| [72878] Apache Cordova 3.5.0 cross site request forgery
9445| [72877] Apache Cordova 3.5.0 cross site request forgery
9446| [72876] Apache Cordova 3.5.0 cross site request forgery
9447| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
9448| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
9449| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
9450| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
9451| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
9452| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
9453| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
9454| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
9455| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
9456| [71629] Apache Axis2/C spoofing
9457| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
9458| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
9459| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
9460| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
9461| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
9462| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
9463| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
9464| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
9465| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
9466| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
9467| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
9468| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
9469| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
9470| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
9471| [70809] Apache POI up to 3.11 Crash denial of service
9472| [70808] Apache POI up to 3.10 unknown vulnerability
9473| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
9474| [70749] Apache Axis up to 1.4 getCN spoofing
9475| [70701] Apache Traffic Server up to 3.3.5 denial of service
9476| [70700] Apache OFBiz up to 12.04.03 cross site scripting
9477| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
9478| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
9479| [70661] Apache Subversion up to 1.6.17 denial of service
9480| [70660] Apache Subversion up to 1.6.17 spoofing
9481| [70659] Apache Subversion up to 1.6.17 spoofing
9482| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
9483| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
9484| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
9485| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
9486| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
9487| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
9488| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
9489| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
9490| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
9491| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
9492| [69846] Apache HBase up to 0.94.8 information disclosure
9493| [69783] Apache CouchDB up to 1.2.0 memory corruption
9494| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
9495| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
9496| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
9497| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
9498| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
9499| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
9500| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
9501| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
9502| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
9503| [69431] Apache Archiva up to 1.3.6 cross site scripting
9504| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
9505| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
9506| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
9507| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
9508| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
9509| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
9510| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
9511| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
9512| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
9513| [66739] Apache Camel up to 2.12.2 unknown vulnerability
9514| [66738] Apache Camel up to 2.12.2 unknown vulnerability
9515| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
9516| [66695] Apache CouchDB up to 1.2.0 cross site scripting
9517| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
9518| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
9519| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
9520| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
9521| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
9522| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
9523| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
9524| [66356] Apache Wicket up to 6.8.0 information disclosure
9525| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
9526| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
9527| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9528| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
9529| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
9530| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9531| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9532| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
9533| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
9534| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
9535| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
9536| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
9537| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
9538| [65668] Apache Solr 4.0.0 Updater denial of service
9539| [65665] Apache Solr up to 4.3.0 denial of service
9540| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
9541| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
9542| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
9543| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
9544| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
9545| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
9546| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
9547| [65410] Apache Struts 2.3.15.3 cross site scripting
9548| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
9549| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
9550| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
9551| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
9552| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
9553| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
9554| [65340] Apache Shindig 2.5.0 information disclosure
9555| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
9556| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
9557| [10826] Apache Struts 2 File privilege escalation
9558| [65204] Apache Camel up to 2.10.1 unknown vulnerability
9559| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
9560| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
9561| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
9562| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
9563| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
9564| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
9565| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
9566| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
9567| [64722] Apache XML Security for C++ Heap-based memory corruption
9568| [64719] Apache XML Security for C++ Heap-based memory corruption
9569| [64718] Apache XML Security for C++ verify denial of service
9570| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
9571| [64716] Apache XML Security for C++ spoofing
9572| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
9573| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
9574| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
9575| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
9576| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
9577| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
9578| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
9579| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
9580| [64485] Apache Struts up to 2.2.3.0 privilege escalation
9581| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
9582| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
9583| [64467] Apache Geronimo 3.0 memory corruption
9584| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
9585| [64457] Apache Struts up to 2.2.3.0 cross site scripting
9586| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
9587| [9184] Apache Qpid up to 0.20 SSL misconfiguration
9588| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
9589| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
9590| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
9591| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
9592| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
9593| [8873] Apache Struts 2.3.14 privilege escalation
9594| [8872] Apache Struts 2.3.14 privilege escalation
9595| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
9596| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
9597| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
9598| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
9599| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
9600| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9601| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9602| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
9603| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
9604| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
9605| [64006] Apache ActiveMQ up to 5.7.0 denial of service
9606| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
9607| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
9608| [8427] Apache Tomcat Session Transaction weak authentication
9609| [63960] Apache Maven 3.0.4 Default Configuration spoofing
9610| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
9611| [63750] Apache qpid up to 0.20 checkAvailable denial of service
9612| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
9613| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
9614| [63747] Apache Rave up to 0.20 User Account information disclosure
9615| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
9616| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
9617| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
9618| [7687] Apache CXF up to 2.7.2 Token weak authentication
9619| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9620| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9621| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
9622| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
9623| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
9624| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
9625| [63090] Apache Tomcat up to 4.1.24 denial of service
9626| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
9627| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
9628| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
9629| [62833] Apache CXF -/2.6.0 spoofing
9630| [62832] Apache Axis2 up to 1.6.2 spoofing
9631| [62831] Apache Axis up to 1.4 Java Message Service spoofing
9632| [62830] Apache Commons-httpclient 3.0 Payments spoofing
9633| [62826] Apache Libcloud up to 0.11.0 spoofing
9634| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
9635| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
9636| [62661] Apache Axis2 unknown vulnerability
9637| [62658] Apache Axis2 unknown vulnerability
9638| [62467] Apache Qpid up to 0.17 denial of service
9639| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
9640| [6301] Apache HTTP Server mod_pagespeed cross site scripting
9641| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
9642| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
9643| [62035] Apache Struts up to 2.3.4 denial of service
9644| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
9645| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
9646| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
9647| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
9648| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
9649| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
9650| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
9651| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
9652| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
9653| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
9654| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
9655| [61229] Apache Sling up to 2.1.1 denial of service
9656| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
9657| [61094] Apache Roller up to 5.0 cross site scripting
9658| [61093] Apache Roller up to 5.0 cross site request forgery
9659| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
9660| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
9661| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
9662| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
9663| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
9664| [60708] Apache Qpid 0.12 unknown vulnerability
9665| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
9666| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
9667| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
9668| [4882] Apache Wicket up to 1.5.4 directory traversal
9669| [4881] Apache Wicket up to 1.4.19 cross site scripting
9670| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
9671| [60352] Apache Struts up to 2.2.3 memory corruption
9672| [60153] Apache Portable Runtime up to 1.4.3 denial of service
9673| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
9674| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
9675| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
9676| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
9677| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
9678| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
9679| [4571] Apache Struts up to 2.3.1.2 privilege escalation
9680| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
9681| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
9682| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
9683| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
9684| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
9685| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
9686| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9687| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
9688| [59888] Apache Tomcat up to 6.0.6 denial of service
9689| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
9690| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
9691| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
9692| [59850] Apache Geronimo up to 2.2.1 denial of service
9693| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
9694| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
9695| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
9696| [58413] Apache Tomcat up to 6.0.10 spoofing
9697| [58381] Apache Wicket up to 1.4.17 cross site scripting
9698| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
9699| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
9700| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
9701| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
9702| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9703| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
9704| [57568] Apache Archiva up to 1.3.4 cross site scripting
9705| [57567] Apache Archiva up to 1.3.4 cross site request forgery
9706| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
9707| [4355] Apache HTTP Server APR apr_fnmatch denial of service
9708| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
9709| [57425] Apache Struts up to 2.2.1.1 cross site scripting
9710| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
9711| [57025] Apache Tomcat up to 7.0.11 information disclosure
9712| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
9713| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
9714| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9715| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
9716| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
9717| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
9718| [56512] Apache Continuum up to 1.4.0 cross site scripting
9719| [4285] Apache Tomcat 5.x JVM getLocale denial of service
9720| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
9721| [4283] Apache Tomcat 5.x ServletContect privilege escalation
9722| [56441] Apache Tomcat up to 7.0.6 denial of service
9723| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
9724| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
9725| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
9726| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
9727| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
9728| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
9729| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
9730| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
9731| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
9732| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
9733| [54693] Apache Traffic Server DNS Cache unknown vulnerability
9734| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
9735| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
9736| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
9737| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
9738| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
9739| [54012] Apache Tomcat up to 6.0.10 denial of service
9740| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
9741| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
9742| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
9743| [52894] Apache Tomcat up to 6.0.7 information disclosure
9744| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
9745| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
9746| [52786] Apache Open For Business Project up to 09.04 cross site scripting
9747| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
9748| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
9749| [52584] Apache CouchDB up to 0.10.1 information disclosure
9750| [51757] Apache HTTP Server 2.0.44 cross site scripting
9751| [51756] Apache HTTP Server 2.0.44 spoofing
9752| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
9753| [51690] Apache Tomcat up to 6.0 directory traversal
9754| [51689] Apache Tomcat up to 6.0 information disclosure
9755| [51688] Apache Tomcat up to 6.0 directory traversal
9756| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
9757| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
9758| [50626] Apache Solr 1.0.0 cross site scripting
9759| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
9760| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
9761| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
9762| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
9763| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
9764| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
9765| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
9766| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
9767| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
9768| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
9769| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
9770| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
9771| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
9772| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
9773| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
9774| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
9775| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
9776| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
9777| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
9778| [47214] Apachefriends xampp 1.6.8 spoofing
9779| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
9780| [47162] Apachefriends XAMPP 1.4.4 weak authentication
9781| [47065] Apache Tomcat 4.1.23 cross site scripting
9782| [46834] Apache Tomcat up to 5.5.20 cross site scripting
9783| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
9784| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
9785| [86625] Apache Struts directory traversal
9786| [44461] Apache Tomcat up to 5.5.0 information disclosure
9787| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
9788| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
9789| [43663] Apache Tomcat up to 6.0.16 directory traversal
9790| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
9791| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
9792| [43516] Apache Tomcat up to 4.1.20 directory traversal
9793| [43509] Apache Tomcat up to 6.0.13 cross site scripting
9794| [42637] Apache Tomcat up to 6.0.16 cross site scripting
9795| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
9796| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
9797| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
9798| [40924] Apache Tomcat up to 6.0.15 information disclosure
9799| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
9800| [40922] Apache Tomcat up to 6.0 information disclosure
9801| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
9802| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
9803| [40656] Apache Tomcat 5.5.20 information disclosure
9804| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
9805| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
9806| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
9807| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
9808| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
9809| [40234] Apache Tomcat up to 6.0.15 directory traversal
9810| [40221] Apache HTTP Server 2.2.6 information disclosure
9811| [40027] David Castro Apache Authcas 0.4 sql injection
9812| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
9813| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
9814| [3414] Apache Tomcat WebDAV Stored privilege escalation
9815| [39489] Apache Jakarta Slide up to 2.1 directory traversal
9816| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
9817| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
9818| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
9819| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
9820| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
9821| [38524] Apache Geronimo 2.0 unknown vulnerability
9822| [3256] Apache Tomcat up to 6.0.13 cross site scripting
9823| [38331] Apache Tomcat 4.1.24 information disclosure
9824| [38330] Apache Tomcat 4.1.24 information disclosure
9825| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
9826| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
9827| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
9828| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
9829| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
9830| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
9831| [37292] Apache Tomcat up to 5.5.1 cross site scripting
9832| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
9833| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
9834| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
9835| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
9836| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
9837| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
9838| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
9839| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
9840| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
9841| [36225] XAMPP Apache Distribution 1.6.0a sql injection
9842| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
9843| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
9844| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
9845| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
9846| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
9847| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
9848| [34252] Apache HTTP Server denial of service
9849| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
9850| [33877] Apache Opentaps 0.9.3 cross site scripting
9851| [33876] Apache Open For Business Project unknown vulnerability
9852| [33875] Apache Open For Business Project cross site scripting
9853| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
9854| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
9855|
9856| MITRE CVE - https://cve.mitre.org:
9857| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
9858| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
9859| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
9860| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
9861| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
9862| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
9863| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
9864| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
9865| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
9866| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
9867| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
9868| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
9869| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
9870| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
9871| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
9872| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
9873| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
9874| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
9875| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
9876| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
9877| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
9878| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
9879| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
9880| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
9881| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
9882| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
9883| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
9884| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
9885| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
9886| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
9887| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9888| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
9889| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
9890| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
9891| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
9892| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
9893| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
9894| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
9895| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
9896| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
9897| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
9898| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9899| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9900| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9901| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9902| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
9903| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
10018| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
10019| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
10110| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
10111| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
10112| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
10203| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
10204| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10205| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10206| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
10207| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
10208| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
10209| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10210| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
10211| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
10212| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
10213| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
10214| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
10215| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
10216| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
10217| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
10218| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
10219| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
10220| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
10221| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
10222| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
10223| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10224| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10225| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
10226| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
10227| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
10228| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
10229| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
10230| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
10231| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
10232| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10233| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
10234| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10235| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
10236| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
10237| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
10238| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10239| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
10240| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10241| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
10242| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
10243| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10244| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
10245| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
10246| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
10247| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
10248| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
10249| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
10250| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
10251| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
10252| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10253| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
10254| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
10255| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
10256| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
10257| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
10258| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
10259| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
10260| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
10261| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
10262| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
10263| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
10264| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
10265| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
10266| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
10267| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
10268| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
10269| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
10270| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
10271| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
10272| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
10273| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
10274| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10275| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10276| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
10277| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
10278| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
10279| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
10280| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
10281| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
10282| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
10283| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
10284| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
10285| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
10416| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
10417| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
10418| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
10419| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
10420| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
10421| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
10422| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
10423| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
10424| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
10425| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
10426| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
10427| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
10428| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
10429| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
10430| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
10431| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
10432| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10433| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
10434| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
10435| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
10436| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
10437| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
10438| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
10439| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
10440| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10441| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
10442| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
10443| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
10444| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
10445| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
10446| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
10447| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
10448| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
10449| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
10450| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
10451| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
10452| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
10453| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10454| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
10455| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
10456| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
10457| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
10458| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
10459| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
10460| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
10461| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
10462| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
10463| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
10464| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
10465| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
10466|
10467| SecurityFocus - https://www.securityfocus.com/bid/:
10468| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
10469| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
10470| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
10471| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
10472| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
10473| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
10474| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
10475| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
10476| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
10477| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
10478| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
10479| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
10480| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
10481| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
10482| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
10483| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
10484| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
10485| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
10486| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
10487| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
10488| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
10489| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
10490| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
10491| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
10492| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
10493| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
10494| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
10495| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
10496| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
10497| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
10498| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
10499| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
10500| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
10501| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
10502| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
10503| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
10504| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
10505| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
10506| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
10507| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
10508| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
10509| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
10510| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
10511| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
10512| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
10513| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
10514| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
10515| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
10516| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
10517| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
10518| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
10519| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
10520| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
10521| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
10522| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
10523| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
10524| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
10525| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
10526| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
10527| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
10528| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
10529| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
10530| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
10531| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
10532| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
10533| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
10534| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
10535| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
10536| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
10537| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
10538| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
10539| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
10540| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
10541| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
10542| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
10543| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
10544| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
10545| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
10546| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
10547| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
10548| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
10549| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
10550| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
10551| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
10552| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
10553| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
10554| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
10555| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
10556| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
10557| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
10558| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
10559| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
10560| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
10561| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
10562| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
10563| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
10564| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
10565| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
10566| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
10567| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
10568| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
10569| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
10570| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
10571| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
10572| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
10573| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
10574| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
10575| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
10576| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
10577| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
10578| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
10579| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
10580| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
10581| [100447] Apache2Triad Multiple Security Vulnerabilities
10582| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
10583| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
10584| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
10585| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
10586| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
10587| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
10588| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
10589| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
10590| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
10591| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
10592| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
10593| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
10594| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
10595| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
10596| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
10597| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
10598| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
10599| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
10600| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
10601| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
10602| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
10603| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
10604| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
10605| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
10606| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
10607| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
10608| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
10609| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
10610| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
10611| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
10612| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
10613| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
10614| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
10615| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
10616| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
10617| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
10618| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
10619| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
10620| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
10621| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
10622| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
10623| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
10624| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
10625| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
10626| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
10627| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
10628| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
10629| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
10630| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
10631| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
10632| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
10633| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
10634| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
10635| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
10636| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
10637| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
10638| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
10639| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
10640| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
10641| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
10642| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
10643| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
10644| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
10645| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
10646| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
10647| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
10648| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
10649| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
10650| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
10651| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
10652| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
10653| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
10654| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
10655| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
10656| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
10657| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
10658| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
10659| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
10660| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
10661| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
10662| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
10663| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
10664| [95675] Apache Struts Remote Code Execution Vulnerability
10665| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
10666| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
10667| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
10668| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
10669| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
10670| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
10671| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
10672| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
10673| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
10674| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
10675| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
10676| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
10677| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
10678| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
10679| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
10680| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
10681| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
10682| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
10683| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
10684| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
10685| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
10686| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
10687| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
10688| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
10689| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
10690| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
10691| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
10692| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
10693| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
10694| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
10695| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
10696| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
10697| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
10698| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
10699| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
10700| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
10701| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
10702| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
10703| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
10704| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
10705| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
10706| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
10707| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
10708| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
10709| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
10710| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
10711| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
10712| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
10713| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
10714| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
10715| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
10716| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
10717| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
10718| [91736] Apache XML-RPC Multiple Security Vulnerabilities
10719| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
10720| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
10721| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
10722| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
10723| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
10724| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
10725| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
10726| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
10727| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
10728| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
10729| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
10730| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
10731| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
10732| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
10733| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
10734| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
10735| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
10736| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
10737| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
10738| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
10739| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
10740| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
10741| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
10742| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
10743| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
10744| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
10745| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
10746| [90482] Apache CVE-2004-1387 Local Security Vulnerability
10747| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
10748| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
10749| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
10750| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
10751| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
10752| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
10753| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
10754| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
10755| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
10756| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
10757| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
10758| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
10759| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
10760| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
10761| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
10762| [86399] Apache CVE-2007-1743 Local Security Vulnerability
10763| [86397] Apache CVE-2007-1742 Local Security Vulnerability
10764| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
10765| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
10766| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
10767| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
10768| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
10769| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
10770| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
10771| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
10772| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
10773| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
10774| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
10775| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
10776| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
10777| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
10778| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
10779| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
10780| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
10781| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
10782| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
10783| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
10784| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
10785| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
10786| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
10787| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
10788| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
10789| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
10790| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
10791| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
10792| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
10793| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
10794| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
10795| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
10796| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
10797| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
10798| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
10799| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
10800| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
10801| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
10802| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
10803| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
10804| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
10805| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
10806| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
10807| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
10808| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
10809| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
10810| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
10811| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
10812| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
10813| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
10814| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
10815| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
10816| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
10817| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
10818| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
10819| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
10820| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
10821| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
10822| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
10823| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
10824| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
10825| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
10826| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
10827| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
10828| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
10829| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
10830| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
10831| [76933] Apache James Server Unspecified Command Execution Vulnerability
10832| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
10833| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
10834| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
10835| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
10836| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
10837| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
10838| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
10839| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
10840| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
10841| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
10842| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
10843| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
10844| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
10845| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
10846| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
10847| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
10848| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
10849| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
10850| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
10851| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
10852| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
10853| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
10854| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
10855| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
10856| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
10857| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
10858| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
10859| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
10860| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
10861| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
10862| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
10863| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
10864| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
10865| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
10866| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
10867| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
10868| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
10869| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
10870| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
10871| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
10872| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
10873| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
10874| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
10875| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
10876| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
10877| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
10878| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
10879| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
10880| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
10881| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
10882| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
10883| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
10884| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
10885| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
10886| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
10887| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
10888| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
10889| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
10890| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
10891| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
10892| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
10893| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
10894| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
10895| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
10896| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
10897| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
10898| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
10899| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
10900| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
10901| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
10902| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
10903| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
10904| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
10905| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
10906| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
10907| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
10908| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
10909| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
10910| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
10911| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
10912| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
10913| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
10914| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
10915| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
10916| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
10917| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
10918| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
10919| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
10920| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
10921| [68229] Apache Harmony PRNG Entropy Weakness
10922| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
10923| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
10924| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
10925| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
10926| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
10927| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
10928| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
10929| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
10930| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
10931| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
10932| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
10933| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
10934| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
10935| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
10936| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
10937| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
10938| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
10939| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
10940| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
10941| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
10942| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
10943| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
10944| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
10945| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
10946| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
10947| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
10948| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
10949| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
10950| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
10951| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
10952| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
10953| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
10954| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
10955| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
10956| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
10957| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
10958| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
10959| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
10960| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
10961| [64780] Apache CloudStack Unauthorized Access Vulnerability
10962| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
10963| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
10964| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
10965| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
10966| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
10967| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
10968| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
10969| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
10970| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
10971| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
10972| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
10973| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10974| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
10975| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
10976| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
10977| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
10978| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
10979| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
10980| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
10981| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
10982| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
10983| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
10984| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
10985| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
10986| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
10987| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
10988| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
10989| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
10990| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
10991| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
10992| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
10993| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
10994| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
10995| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
10996| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
10997| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
10998| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
10999| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
11000| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
11001| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
11002| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
11003| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
11004| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
11005| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
11006| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
11007| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
11008| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
11009| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
11010| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
11011| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
11012| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
11013| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
11014| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
11015| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
11016| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
11017| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
11018| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
11019| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
11020| [59670] Apache VCL Multiple Input Validation Vulnerabilities
11021| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
11022| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
11023| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
11024| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
11025| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
11026| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
11027| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
11028| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
11029| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
11030| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
11031| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
11032| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
11033| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
11034| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
11035| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
11036| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
11037| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
11038| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
11039| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
11040| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
11459|
11460| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11461| [86258] Apache CloudStack text fields cross-site scripting
11462| [85983] Apache Subversion mod_dav_svn module denial of service
11463| [85875] Apache OFBiz UEL code execution
11464| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
11465| [85871] Apache HTTP Server mod_session_dbd unspecified
11466| [85756] Apache Struts OGNL expression command execution
11467| [85755] Apache Struts DefaultActionMapper class open redirect
11468| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
11469| [85574] Apache HTTP Server mod_dav denial of service
11470| [85573] Apache Struts Showcase App OGNL code execution
11471| [85496] Apache CXF denial of service
11472| [85423] Apache Geronimo RMI classloader code execution
11473| [85326] Apache Santuario XML Security for C++ buffer overflow
11474| [85323] Apache Santuario XML Security for Java spoofing
11475| [85319] Apache Qpid Python client SSL spoofing
11476| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
11477| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
11478| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
11479| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
11480| [84952] Apache Tomcat CVE-2012-3544 denial of service
11481| [84763] Apache Struts CVE-2013-2135 security bypass
11482| [84762] Apache Struts CVE-2013-2134 security bypass
11483| [84719] Apache Subversion CVE-2013-2088 command execution
11484| [84718] Apache Subversion CVE-2013-2112 denial of service
11485| [84717] Apache Subversion CVE-2013-1968 denial of service
11486| [84577] Apache Tomcat security bypass
11487| [84576] Apache Tomcat symlink
11488| [84543] Apache Struts CVE-2013-2115 security bypass
11489| [84542] Apache Struts CVE-2013-1966 security bypass
11490| [84154] Apache Tomcat session hijacking
11491| [84144] Apache Tomcat denial of service
11492| [84143] Apache Tomcat information disclosure
11493| [84111] Apache HTTP Server command execution
11494| [84043] Apache Virtual Computing Lab cross-site scripting
11495| [84042] Apache Virtual Computing Lab cross-site scripting
11496| [83782] Apache CloudStack information disclosure
11497| [83781] Apache CloudStack security bypass
11498| [83720] Apache ActiveMQ cross-site scripting
11499| [83719] Apache ActiveMQ denial of service
11500| [83718] Apache ActiveMQ denial of service
11501| [83263] Apache Subversion denial of service
11502| [83262] Apache Subversion denial of service
11503| [83261] Apache Subversion denial of service
11504| [83259] Apache Subversion denial of service
11505| [83035] Apache mod_ruid2 security bypass
11506| [82852] Apache Qpid federation_tag security bypass
11507| [82851] Apache Qpid qpid::framing::Buffer denial of service
11508| [82758] Apache Rave User RPC API information disclosure
11509| [82663] Apache Subversion svn_fs_file_length() denial of service
11510| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
11511| [82641] Apache Qpid AMQP denial of service
11512| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
11513| [82618] Apache Commons FileUpload symlink
11514| [82360] Apache HTTP Server manager interface cross-site scripting
11515| [82359] Apache HTTP Server hostnames cross-site scripting
11516| [82338] Apache Tomcat log/logdir information disclosure
11517| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
11518| [82268] Apache OpenJPA deserialization command execution
11519| [81981] Apache CXF UsernameTokens security bypass
11520| [81980] Apache CXF WS-Security security bypass
11521| [81398] Apache OFBiz cross-site scripting
11522| [81240] Apache CouchDB directory traversal
11523| [81226] Apache CouchDB JSONP code execution
11524| [81225] Apache CouchDB Futon user interface cross-site scripting
11525| [81211] Apache Axis2/C SSL spoofing
11526| [81167] Apache CloudStack DeployVM information disclosure
11527| [81166] Apache CloudStack AddHost API information disclosure
11528| [81165] Apache CloudStack createSSHKeyPair API information disclosure
11529| [80518] Apache Tomcat cross-site request forgery security bypass
11530| [80517] Apache Tomcat FormAuthenticator security bypass
11531| [80516] Apache Tomcat NIO denial of service
11532| [80408] Apache Tomcat replay-countermeasure security bypass
11533| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
11534| [80317] Apache Tomcat slowloris denial of service
11535| [79984] Apache Commons HttpClient SSL spoofing
11536| [79983] Apache CXF SSL spoofing
11537| [79830] Apache Axis2/Java SSL spoofing
11538| [79829] Apache Axis SSL spoofing
11539| [79809] Apache Tomcat DIGEST security bypass
11540| [79806] Apache Tomcat parseHeaders() denial of service
11541| [79540] Apache OFBiz unspecified
11542| [79487] Apache Axis2 SAML security bypass
11543| [79212] Apache Cloudstack code execution
11544| [78734] Apache CXF SOAP Action security bypass
11545| [78730] Apache Qpid broker denial of service
11546| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
11547| [78563] Apache mod_pagespeed module unspecified cross-site scripting
11548| [78562] Apache mod_pagespeed module security bypass
11549| [78454] Apache Axis2 security bypass
11550| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
11551| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
11552| [78321] Apache Wicket unspecified cross-site scripting
11553| [78183] Apache Struts parameters denial of service
11554| [78182] Apache Struts cross-site request forgery
11555| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
11556| [77987] mod_rpaf module for Apache denial of service
11557| [77958] Apache Struts skill name code execution
11558| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
11559| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
11560| [77568] Apache Qpid broker security bypass
11561| [77421] Apache Libcloud spoofing
11562| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
11563| [77046] Oracle Solaris Apache HTTP Server information disclosure
11564| [76837] Apache Hadoop information disclosure
11565| [76802] Apache Sling CopyFrom denial of service
11566| [76692] Apache Hadoop symlink
11567| [76535] Apache Roller console cross-site request forgery
11568| [76534] Apache Roller weblog cross-site scripting
11569| [76152] Apache CXF elements security bypass
11570| [76151] Apache CXF child policies security bypass
11571| [75983] MapServer for Windows Apache file include
11572| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
11573| [75558] Apache POI denial of service
11574| [75545] PHP apache_request_headers() buffer overflow
11575| [75302] Apache Qpid SASL security bypass
11576| [75211] Debian GNU/Linux apache 2 cross-site scripting
11577| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
11578| [74871] Apache OFBiz FlexibleStringExpander code execution
11579| [74870] Apache OFBiz multiple cross-site scripting
11580| [74750] Apache Hadoop unspecified spoofing
11581| [74319] Apache Struts XSLTResult.java file upload
11582| [74313] Apache Traffic Server header buffer overflow
11583| [74276] Apache Wicket directory traversal
11584| [74273] Apache Wicket unspecified cross-site scripting
11585| [74181] Apache HTTP Server mod_fcgid module denial of service
11586| [73690] Apache Struts OGNL code execution
11587| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
11588| [73100] Apache MyFaces in directory traversal
11589| [73096] Apache APR hash denial of service
11590| [73052] Apache Struts name cross-site scripting
11591| [73030] Apache CXF UsernameToken security bypass
11592| [72888] Apache Struts lastName cross-site scripting
11593| [72758] Apache HTTP Server httpOnly information disclosure
11594| [72757] Apache HTTP Server MPM denial of service
11595| [72585] Apache Struts ParameterInterceptor security bypass
11596| [72438] Apache Tomcat Digest security bypass
11597| [72437] Apache Tomcat Digest security bypass
11598| [72436] Apache Tomcat DIGEST security bypass
11599| [72425] Apache Tomcat parameter denial of service
11600| [72422] Apache Tomcat request object information disclosure
11601| [72377] Apache HTTP Server scoreboard security bypass
11602| [72345] Apache HTTP Server HTTP request denial of service
11603| [72229] Apache Struts ExceptionDelegator command execution
11604| [72089] Apache Struts ParameterInterceptor directory traversal
11605| [72088] Apache Struts CookieInterceptor command execution
11606| [72047] Apache Geronimo hash denial of service
11607| [72016] Apache Tomcat hash denial of service
11608| [71711] Apache Struts OGNL expression code execution
11609| [71654] Apache Struts interfaces security bypass
11610| [71620] Apache ActiveMQ failover denial of service
11611| [71617] Apache HTTP Server mod_proxy module information disclosure
11612| [71508] Apache MyFaces EL security bypass
11613| [71445] Apache HTTP Server mod_proxy security bypass
11614| [71203] Apache Tomcat servlets privilege escalation
11615| [71181] Apache HTTP Server ap_pregsub() denial of service
11616| [71093] Apache HTTP Server ap_pregsub() buffer overflow
11617| [70336] Apache HTTP Server mod_proxy information disclosure
11618| [69804] Apache HTTP Server mod_proxy_ajp denial of service
11619| [69472] Apache Tomcat AJP security bypass
11620| [69396] Apache HTTP Server ByteRange filter denial of service
11621| [69394] Apache Wicket multi window support cross-site scripting
11622| [69176] Apache Tomcat XML information disclosure
11623| [69161] Apache Tomcat jsvc information disclosure
11624| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
11625| [68541] Apache Tomcat sendfile information disclosure
11626| [68420] Apache XML Security denial of service
11627| [68238] Apache Tomcat JMX information disclosure
11628| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
11629| [67804] Apache Subversion control rules information disclosure
11630| [67803] Apache Subversion control rules denial of service
11631| [67802] Apache Subversion baselined denial of service
11632| [67672] Apache Archiva multiple cross-site scripting
11633| [67671] Apache Archiva multiple cross-site request forgery
11634| [67564] Apache APR apr_fnmatch() denial of service
11635| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
11636| [67515] Apache Tomcat annotations security bypass
11637| [67480] Apache Struts s:submit information disclosure
11638| [67414] Apache APR apr_fnmatch() denial of service
11639| [67356] Apache Struts javatemplates cross-site scripting
11640| [67354] Apache Struts Xwork cross-site scripting
11641| [66676] Apache Tomcat HTTP BIO information disclosure
11642| [66675] Apache Tomcat web.xml security bypass
11643| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
11644| [66241] Apache HttpComponents information disclosure
11645| [66154] Apache Tomcat ServletSecurity security bypass
11646| [65971] Apache Tomcat ServletSecurity security bypass
11647| [65876] Apache Subversion mod_dav_svn denial of service
11648| [65343] Apache Continuum unspecified cross-site scripting
11649| [65162] Apache Tomcat NIO connector denial of service
11650| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
11651| [65160] Apache Tomcat HTML Manager interface cross-site scripting
11652| [65159] Apache Tomcat ServletContect security bypass
11653| [65050] Apache CouchDB web-based administration UI cross-site scripting
11654| [64773] Oracle HTTP Server Apache Plugin unauthorized access
11655| [64473] Apache Subversion blame -g denial of service
11656| [64472] Apache Subversion walk() denial of service
11657| [64407] Apache Axis2 CVE-2010-0219 code execution
11658| [63926] Apache Archiva password privilege escalation
11659| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
11660| [63493] Apache Archiva credentials cross-site request forgery
11661| [63477] Apache Tomcat HttpOnly session hijacking
11662| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
11663| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
11664| [62959] Apache Shiro filters security bypass
11665| [62790] Apache Perl cgi module denial of service
11666| [62576] Apache Qpid exchange denial of service
11667| [62575] Apache Qpid AMQP denial of service
11668| [62354] Apache Qpid SSL denial of service
11669| [62235] Apache APR-util apr_brigade_split_line() denial of service
11670| [62181] Apache XML-RPC SAX Parser information disclosure
11671| [61721] Apache Traffic Server cache poisoning
11672| [61202] Apache Derby BUILTIN authentication functionality information disclosure
11673| [61186] Apache CouchDB Futon cross-site request forgery
11674| [61169] Apache CXF DTD denial of service
11675| [61070] Apache Jackrabbit search.jsp SQL injection
11676| [61006] Apache SLMS Quoting cross-site request forgery
11677| [60962] Apache Tomcat time cross-site scripting
11678| [60883] Apache mod_proxy_http information disclosure
11679| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
11680| [60264] Apache Tomcat Transfer-Encoding denial of service
11681| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
11682| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
11683| [59413] Apache mod_proxy_http timeout information disclosure
11684| [59058] Apache MyFaces unencrypted view state cross-site scripting
11685| [58827] Apache Axis2 xsd file include
11686| [58790] Apache Axis2 modules cross-site scripting
11687| [58299] Apache ActiveMQ queueBrowse cross-site scripting
11688| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
11689| [58056] Apache ActiveMQ .jsp source code disclosure
11690| [58055] Apache Tomcat realm name information disclosure
11691| [58046] Apache HTTP Server mod_auth_shadow security bypass
11692| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
11693| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
11694| [57429] Apache CouchDB algorithms information disclosure
11695| [57398] Apache ActiveMQ Web console cross-site request forgery
11696| [57397] Apache ActiveMQ createDestination.action cross-site scripting
11697| [56653] Apache HTTP Server DNS spoofing
11698| [56652] Apache HTTP Server DNS cross-site scripting
11699| [56625] Apache HTTP Server request header information disclosure
11700| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
11701| [56623] Apache HTTP Server mod_proxy_ajp denial of service
11702| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
11703| [55857] Apache Tomcat WAR files directory traversal
11704| [55856] Apache Tomcat autoDeploy attribute security bypass
11705| [55855] Apache Tomcat WAR directory traversal
11706| [55210] Intuit component for Joomla! Apache information disclosure
11707| [54533] Apache Tomcat 404 error page cross-site scripting
11708| [54182] Apache Tomcat admin default password
11709| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
11710| [53666] Apache HTTP Server Solaris pollset support denial of service
11711| [53650] Apache HTTP Server HTTP basic-auth module security bypass
11712| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
11713| [53041] mod_proxy_ftp module for Apache denial of service
11714| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
11715| [51953] Apache Tomcat Path Disclosure
11716| [51952] Apache Tomcat Path Traversal
11717| [51951] Apache stronghold-status Information Disclosure
11718| [51950] Apache stronghold-info Information Disclosure
11719| [51949] Apache PHP Source Code Disclosure
11720| [51948] Apache Multiviews Attack
11721| [51946] Apache JServ Environment Status Information Disclosure
11722| [51945] Apache error_log Information Disclosure
11723| [51944] Apache Default Installation Page Pattern Found
11724| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
11725| [51942] Apache AXIS XML External Entity File Retrieval
11726| [51941] Apache AXIS Sample Servlet Information Leak
11727| [51940] Apache access_log Information Disclosure
11728| [51626] Apache mod_deflate denial of service
11729| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
11730| [51365] Apache Tomcat RequestDispatcher security bypass
11731| [51273] Apache HTTP Server Incomplete Request denial of service
11732| [51195] Apache Tomcat XML information disclosure
11733| [50994] Apache APR-util xml/apr_xml.c denial of service
11734| [50993] Apache APR-util apr_brigade_vprintf denial of service
11735| [50964] Apache APR-util apr_strmatch_precompile() denial of service
11736| [50930] Apache Tomcat j_security_check information disclosure
11737| [50928] Apache Tomcat AJP denial of service
11738| [50884] Apache HTTP Server XML ENTITY denial of service
11739| [50808] Apache HTTP Server AllowOverride privilege escalation
11740| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
11741| [50059] Apache mod_proxy_ajp information disclosure
11742| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
11743| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
11744| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
11745| [49921] Apache ActiveMQ Web interface cross-site scripting
11746| [49898] Apache Geronimo Services/Repository directory traversal
11747| [49725] Apache Tomcat mod_jk module information disclosure
11748| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
11749| [49712] Apache Struts unspecified cross-site scripting
11750| [49213] Apache Tomcat cal2.jsp cross-site scripting
11751| [48934] Apache Tomcat POST doRead method information disclosure
11752| [48211] Apache Tomcat header HTTP request smuggling
11753| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
11754| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
11755| [47709] Apache Roller "
11756| [47104] Novell Netware ApacheAdmin console security bypass
11757| [47086] Apache HTTP Server OS fingerprinting unspecified
11758| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
11759| [45791] Apache Tomcat RemoteFilterValve security bypass
11760| [44435] Oracle WebLogic Apache Connector buffer overflow
11761| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
11762| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
11763| [44156] Apache Tomcat RequestDispatcher directory traversal
11764| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
11765| [43885] Oracle WebLogic Server Apache Connector buffer overflow
11766| [42987] Apache HTTP Server mod_proxy module denial of service
11767| [42915] Apache Tomcat JSP files path disclosure
11768| [42914] Apache Tomcat MS-DOS path disclosure
11769| [42892] Apache Tomcat unspecified unauthorized access
11770| [42816] Apache Tomcat Host Manager cross-site scripting
11771| [42303] Apache 403 error cross-site scripting
11772| [41618] Apache-SSL ExpandCert() authentication bypass
11773| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
11774| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
11775| [40614] Apache mod_jk2 HTTP Host header buffer overflow
11776| [40562] Apache Geronimo init information disclosure
11777| [40478] Novell Web Manager webadmin-apache.conf security bypass
11778| [40411] Apache Tomcat exception handling information disclosure
11779| [40409] Apache Tomcat native (APR based) connector weak security
11780| [40403] Apache Tomcat quotes and %5C cookie information disclosure
11781| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
11782| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
11783| [39867] Apache HTTP Server mod_negotiation cross-site scripting
11784| [39804] Apache Tomcat SingleSignOn information disclosure
11785| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
11786| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
11787| [39608] Apache HTTP Server balancer manager cross-site request forgery
11788| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
11789| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
11790| [39472] Apache HTTP Server mod_status cross-site scripting
11791| [39201] Apache Tomcat JULI logging weak security
11792| [39158] Apache HTTP Server Windows SMB shares information disclosure
11793| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
11794| [38951] Apache::AuthCAS Perl module cookie SQL injection
11795| [38800] Apache HTTP Server 413 error page cross-site scripting
11796| [38211] Apache Geronimo SQLLoginModule authentication bypass
11797| [37243] Apache Tomcat WebDAV directory traversal
11798| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
11799| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
11800| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
11801| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
11802| [36782] Apache Geronimo MEJB unauthorized access
11803| [36586] Apache HTTP Server UTF-7 cross-site scripting
11804| [36468] Apache Geronimo LoginModule security bypass
11805| [36467] Apache Tomcat functions.jsp cross-site scripting
11806| [36402] Apache Tomcat calendar cross-site request forgery
11807| [36354] Apache HTTP Server mod_proxy module denial of service
11808| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
11809| [36336] Apache Derby lock table privilege escalation
11810| [36335] Apache Derby schema privilege escalation
11811| [36006] Apache Tomcat "
11812| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
11813| [35999] Apache Tomcat \"
11814| [35795] Apache Tomcat CookieExample cross-site scripting
11815| [35536] Apache Tomcat SendMailServlet example cross-site scripting
11816| [35384] Apache HTTP Server mod_cache module denial of service
11817| [35097] Apache HTTP Server mod_status module cross-site scripting
11818| [35095] Apache HTTP Server Prefork MPM module denial of service
11819| [34984] Apache HTTP Server recall_headers information disclosure
11820| [34966] Apache HTTP Server MPM content spoofing
11821| [34965] Apache HTTP Server MPM information disclosure
11822| [34963] Apache HTTP Server MPM multiple denial of service
11823| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
11824| [34869] Apache Tomcat JSP example Web application cross-site scripting
11825| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
11826| [34496] Apache Tomcat JK Connector security bypass
11827| [34377] Apache Tomcat hello.jsp cross-site scripting
11828| [34212] Apache Tomcat SSL configuration security bypass
11829| [34210] Apache Tomcat Accept-Language cross-site scripting
11830| [34209] Apache Tomcat calendar application cross-site scripting
11831| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
11832| [34167] Apache Axis WSDL file path disclosure
11833| [34068] Apache Tomcat AJP connector information disclosure
11834| [33584] Apache HTTP Server suEXEC privilege escalation
11835| [32988] Apache Tomcat proxy module directory traversal
11836| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
11837| [32708] Debian Apache tty privilege escalation
11838| [32441] ApacheStats extract() PHP call unspecified
11839| [32128] Apache Tomcat default account
11840| [31680] Apache Tomcat RequestParamExample cross-site scripting
11841| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
11842| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
11843| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
11844| [30456] Apache mod_auth_kerb off-by-one buffer overflow
11845| [29550] Apache mod_tcl set_var() format string
11846| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
11847| [28357] Apache HTTP Server mod_alias script source information disclosure
11848| [28063] Apache mod_rewrite off-by-one buffer overflow
11849| [27902] Apache Tomcat URL information disclosure
11850| [26786] Apache James SMTP server denial of service
11851| [25680] libapache2 /tmp/svn file upload
11852| [25614] Apache Struts lookupMap cross-site scripting
11853| [25613] Apache Struts ActionForm denial of service
11854| [25612] Apache Struts isCancelled() security bypass
11855| [24965] Apache mod_python FileSession command execution
11856| [24716] Apache James spooler memory leak denial of service
11857| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
11858| [24158] Apache Geronimo jsp-examples cross-site scripting
11859| [24030] Apache auth_ldap module multiple format strings
11860| [24008] Apache mod_ssl custom error message denial of service
11861| [24003] Apache mod_auth_pgsql module multiple syslog format strings
11862| [23612] Apache mod_imap referer field cross-site scripting
11863| [23173] Apache Struts error message cross-site scripting
11864| [22942] Apache Tomcat directory listing denial of service
11865| [22858] Apache Multi-Processing Module code allows denial of service
11866| [22602] RHSA-2005:582 updates for Apache httpd not installed
11867| [22520] Apache mod-auth-shadow "
11868| [22466] ApacheTop symlink
11869| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
11870| [22006] Apache HTTP Server byte-range filter denial of service
11871| [21567] Apache mod_ssl off-by-one buffer overflow
11872| [21195] Apache HTTP Server header HTTP request smuggling
11873| [20383] Apache HTTP Server htdigest buffer overflow
11874| [19681] Apache Tomcat AJP12 request denial of service
11875| [18993] Apache HTTP server check_forensic symlink attack
11876| [18790] Apache Tomcat Manager cross-site scripting
11877| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
11878| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
11879| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
11880| [17961] Apache Web server ServerTokens has not been set
11881| [17930] Apache HTTP Server HTTP GET request denial of service
11882| [17785] Apache mod_include module buffer overflow
11883| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
11884| [17473] Apache HTTP Server Satisfy directive allows access to resources
11885| [17413] Apache htpasswd buffer overflow
11886| [17384] Apache HTTP Server environment variable configuration file buffer overflow
11887| [17382] Apache HTTP Server IPv6 apr_util denial of service
11888| [17366] Apache HTTP Server mod_dav module LOCK denial of service
11889| [17273] Apache HTTP Server speculative mode denial of service
11890| [17200] Apache HTTP Server mod_ssl denial of service
11891| [16890] Apache HTTP Server server-info request has been detected
11892| [16889] Apache HTTP Server server-status request has been detected
11893| [16705] Apache mod_ssl format string attack
11894| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
11895| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
11896| [16230] Apache HTTP Server PHP denial of service
11897| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
11898| [15958] Apache HTTP Server authentication modules memory corruption
11899| [15547] Apache HTTP Server mod_disk_cache local information disclosure
11900| [15540] Apache HTTP Server socket starvation denial of service
11901| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
11902| [15422] Apache HTTP Server mod_access information disclosure
11903| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
11904| [15293] Apache for Cygwin "
11905| [15065] Apache-SSL has a default password
11906| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
11907| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
11908| [14751] Apache Mod_python output filter information disclosure
11909| [14125] Apache HTTP Server mod_userdir module information disclosure
11910| [14075] Apache HTTP Server mod_php file descriptor leak
11911| [13703] Apache HTTP Server account
11912| [13689] Apache HTTP Server configuration allows symlinks
11913| [13688] Apache HTTP Server configuration allows SSI
11914| [13687] Apache HTTP Server Server: header value
11915| [13685] Apache HTTP Server ServerTokens value
11916| [13684] Apache HTTP Server ServerSignature value
11917| [13672] Apache HTTP Server config allows directory autoindexing
11918| [13671] Apache HTTP Server default content
11919| [13670] Apache HTTP Server config file directive references outside content root
11920| [13668] Apache HTTP Server httpd not running in chroot environment
11921| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
11922| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
12434| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
12435| [61185] FreeBSD Ports: apache
12436| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
12437| [60387] Slackware Advisory SSA:2008-045-02 apache
12438| [58826] FreeBSD Ports: apache-tomcat
12439| [58825] FreeBSD Ports: apache-tomcat
12440| [58804] FreeBSD Ports: apache
12441| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
12442| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
12443| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
12444| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
12445| [57335] Debian Security Advisory DSA 1167-1 (apache)
12446| [57201] Debian Security Advisory DSA 1131-1 (apache)
12447| [57200] Debian Security Advisory DSA 1132-1 (apache2)
12448| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
12449| [57145] FreeBSD Ports: apache
12450| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
12451| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
12452| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
12453| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
12454| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
12455| [56067] FreeBSD Ports: apache
12456| [55803] Slackware Advisory SSA:2005-310-04 apache
12457| [55519] Debian Security Advisory DSA 839-1 (apachetop)
12458| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
12459| [55355] FreeBSD Ports: apache
12460| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
12461| [55261] Debian Security Advisory DSA 805-1 (apache2)
12462| [55259] Debian Security Advisory DSA 803-1 (apache)
12463| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
12464| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
12465| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
12466| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
12467| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
12468| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
12469| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
12470| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
12471| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
12472| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
12473| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
12474| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
12475| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
12476| [54439] FreeBSD Ports: apache
12477| [53931] Slackware Advisory SSA:2004-133-01 apache
12478| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
12479| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
12480| [53878] Slackware Advisory SSA:2003-308-01 apache security update
12481| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
12482| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
12483| [53848] Debian Security Advisory DSA 131-1 (apache)
12484| [53784] Debian Security Advisory DSA 021-1 (apache)
12485| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
12486| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
12487| [53735] Debian Security Advisory DSA 187-1 (apache)
12488| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
12489| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
12490| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
12491| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
12492| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
12493| [53282] Debian Security Advisory DSA 594-1 (apache)
12494| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
12495| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
12496| [53215] Debian Security Advisory DSA 525-1 (apache)
12497| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
12498| [52529] FreeBSD Ports: apache+ssl
12499| [52501] FreeBSD Ports: apache
12500| [52461] FreeBSD Ports: apache
12501| [52390] FreeBSD Ports: apache
12502| [52389] FreeBSD Ports: apache
12503| [52388] FreeBSD Ports: apache
12504| [52383] FreeBSD Ports: apache
12505| [52339] FreeBSD Ports: apache+mod_ssl
12506| [52331] FreeBSD Ports: apache
12507| [52329] FreeBSD Ports: ru-apache+mod_ssl
12508| [52314] FreeBSD Ports: apache
12509| [52310] FreeBSD Ports: apache
12510| [15588] Detect Apache HTTPS
12511| [15555] Apache mod_proxy content-length buffer overflow
12512| [15554] Apache mod_include priviledge escalation
12513| [14771] Apache <= 1.3.33 htpasswd local overflow
12514| [14177] Apache mod_access rule bypass
12515| [13644] Apache mod_rootme Backdoor
12516| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
12517| [12280] Apache Connection Blocking Denial of Service
12518| [12239] Apache Error Log Escape Sequence Injection
12519| [12123] Apache Tomcat source.jsp malformed request information disclosure
12520| [12085] Apache Tomcat servlet/JSP container default files
12521| [11438] Apache Tomcat Directory Listing and File disclosure
12522| [11204] Apache Tomcat Default Accounts
12523| [11092] Apache 2.0.39 Win32 directory traversal
12524| [11046] Apache Tomcat TroubleShooter Servlet Installed
12525| [11042] Apache Tomcat DOS Device Name XSS
12526| [11041] Apache Tomcat /servlet Cross Site Scripting
12527| [10938] Apache Remote Command Execution via .bat files
12528| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
12529| [10773] MacOS X Finder reveals contents of Apache Web files
12530| [10766] Apache UserDir Sensitive Information Disclosure
12531| [10756] MacOS X Finder reveals contents of Apache Web directories
12532| [10752] Apache Auth Module SQL Insertion Attack
12533| [10704] Apache Directory Listing
12534| [10678] Apache /server-info accessible
12535| [10677] Apache /server-status accessible
12536| [10440] Check for Apache Multiple / vulnerability
12537|
12538| SecurityTracker - https://www.securitytracker.com:
12539| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
12540| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
12541| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
12542| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
12543| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12544| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12545| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12546| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
12547| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
12548| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
12549| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12550| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
12551| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
12552| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
12553| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
12554| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
12555| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
12556| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
12557| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
12558| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
12559| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
12560| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
12561| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
12562| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12563| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
12564| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12565| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12566| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
12567| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
12568| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
12569| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
12570| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
12571| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
12572| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
12573| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
12574| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
12575| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
12576| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
12577| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
12578| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
12579| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
12580| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
12581| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
12582| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
12583| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
12584| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
12585| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12586| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
12587| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
12588| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
12589| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
12590| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
12591| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
12592| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
12593| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
12594| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
12595| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
12596| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
12597| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
12598| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
12599| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
12600| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
12601| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
12602| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
12603| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
12604| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
12605| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
12606| [1024096] Apache mod_proxy_http May Return Results for a Different Request
12607| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
12608| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
12609| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
12610| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
12611| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
12612| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
12613| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
12614| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
12615| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
12616| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
12617| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
12618| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
12619| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
12620| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12621| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
12622| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
12623| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
12624| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
12625| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
12626| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12627| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
12628| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
12629| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
12630| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
12631| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
12632| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
12633| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
12634| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
12635| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
12636| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
12637| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
12638| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
12639| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
12640| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
12641| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
12642| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
12643| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
12644| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
12645| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
12646| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
12647| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
12648| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
12649| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
12650| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
12651| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
12652| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
12653| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
12654| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
12655| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
12656| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
12657| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
12658| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
12659| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
12660| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
12661| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
12662| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
12663| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
12664| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
12665| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
12666| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
12667| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
12668| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
12669| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
12670| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
12671| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
12672| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
12673| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
12674| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
12675| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
12676| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
12677| [1008920] Apache mod_digest May Validate Replayed Client Responses
12678| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
12679| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
12680| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
12681| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
12682| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
12683| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
12684| [1008030] Apache mod_rewrite Contains a Buffer Overflow
12685| [1008029] Apache mod_alias Contains a Buffer Overflow
12686| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
12687| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
12688| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
12689| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
12690| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
12691| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
12692| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
12693| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
12694| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
12695| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
12696| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
12697| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
12698| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
12699| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
12700| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
12701| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
12702| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
12703| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
12704| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
12705| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
12706| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
12707| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
12708| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
12709| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
12710| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
12711| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
12712| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
12713| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
12714| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
12715| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
12716| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
12717| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
12718| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
12719| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
12720| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
12721| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
12722| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
12723| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
12724| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12725| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12726| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
12727| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
12728| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
12729| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
12730| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
12731| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
12732| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
12733| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
12734| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
12735| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
12736| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12737| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
12738| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
12739| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
12740| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
12741| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
12742|
12743| OSVDB - http://www.osvdb.org:
12744| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
12745| [96077] Apache CloudStack Global Settings Multiple Field XSS
12746| [96076] Apache CloudStack Instances Menu Display Name Field XSS
12747| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
12748| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
12749| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
12750| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
12751| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
12752| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
13138| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
13139| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
13140| [59019] Apache mod_python Cookie Salting Weakness
13141| [59018] Apache Harmony Error Message Handling Overflow
13142| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
13143| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
13144| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
13145| [59010] Apache Solr get-file.jsp XSS
13146| [59009] Apache Solr action.jsp XSS
13147| [59008] Apache Solr analysis.jsp XSS
13148| [59007] Apache Solr schema.jsp Multiple Parameter XSS
13149| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
13525| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
13526| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
13527| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
13528| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
13529| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
13530| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
13531| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
13532| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
13533| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
13534| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
13535| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
13536| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
13537| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
13538| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
13539| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
13540| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
13541| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
13542| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
13543| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
13544| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
13545| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
13546| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
13547| [13304] Apache Tomcat realPath.jsp Path Disclosure
13548| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
13549| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
13550| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
13551| [12848] Apache HTTP Server htdigest realm Variable Overflow
13552| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
13553| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
13554| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
13555| [12557] Apache HTTP Server prefork MPM accept Error DoS
13556| [12233] Apache Tomcat MS-DOS Device Name Request DoS
13557| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
13558| [12231] Apache Tomcat web.xml Arbitrary File Access
13559| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
13560| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
13561| [12178] Apache Jakarta Lucene results.jsp XSS
13562| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
13563| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
13564| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
13565| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
13566| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
13567| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
13568| [10471] Apache Xerces-C++ XML Parser DoS
13569| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
13570| [10068] Apache HTTP Server htpasswd Local Overflow
13571| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
13572| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
13573| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
13574| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
13575| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
13576| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
13577| [9717] Apache HTTP Server mod_cookies Cookie Overflow
13578| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
13579| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
13580| [9714] Apache Authentication Module Threaded MPM DoS
13581| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
13582| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
13583| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
13584| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
13585| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
13586| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
13587| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
13588| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
13589| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
13590| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
13591| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
13592| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
13593| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
13594| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
13595| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
13596| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
13597| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
13598| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
13599| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
13600| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
13601| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
13602| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
13603| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
13604| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
13605| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
13606| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
13607| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
13608| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
13609| [9208] Apache Tomcat .jsp Encoded Newline XSS
13610| [9204] Apache Tomcat ROOT Application XSS
13611| [9203] Apache Tomcat examples Application XSS
13612| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
13613| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
13614| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
13615| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
13616| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
13617| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
13618| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
13619| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
13620| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
13621| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
13622| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
13623| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
13624| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
13625| [7611] Apache HTTP Server mod_alias Local Overflow
13626| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
13627| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
13628| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
13629| [6882] Apache mod_python Malformed Query String Variant DoS
13630| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
13631| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
13632| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
13633| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
13634| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
13635| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
13636| [5526] Apache Tomcat Long .JSP URI Path Disclosure
13637| [5278] Apache Tomcat web.xml Restriction Bypass
13638| [5051] Apache Tomcat Null Character DoS
13639| [4973] Apache Tomcat servlet Mapping XSS
13640| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
13641| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
13642| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
13643| [4568] mod_survey For Apache ENV Tags SQL Injection
13644| [4553] Apache HTTP Server ApacheBench Overflow DoS
13645| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
13646| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
13647| [4383] Apache HTTP Server Socket Race Condition DoS
13648| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
13649| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
13650| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
13651| [4231] Apache Cocoon Error Page Server Path Disclosure
13652| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
13653| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
13654| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
13655| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
13656| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
13657| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
13658| [3322] mod_php for Apache HTTP Server Process Hijack
13659| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
13660| [2885] Apache mod_python Malformed Query String DoS
13661| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
13662| [2733] Apache HTTP Server mod_rewrite Local Overflow
13663| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
13664| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
13665| [2149] Apache::Gallery Privilege Escalation
13666| [2107] Apache HTTP Server mod_ssl Host: Header XSS
13667| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
13668| [1833] Apache HTTP Server Multiple Slash GET Request DoS
13669| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
13670| [872] Apache Tomcat Multiple Default Accounts
13671| [862] Apache HTTP Server SSI Error Page XSS
13672| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
13673| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
13674| [845] Apache Tomcat MSDOS Device XSS
13675| [844] Apache Tomcat Java Servlet Error Page XSS
13676| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
13677| [838] Apache HTTP Server Chunked Encoding Remote Overflow
13678| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
13679| [775] Apache mod_python Module Importing Privilege Function Execution
13680| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
13681| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
13682| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
13683| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
13684| [637] Apache HTTP Server UserDir Directive Username Enumeration
13685| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
13686| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
13687| [562] Apache HTTP Server mod_info /server-info Information Disclosure
13688| [561] Apache Web Servers mod_status /server-status Information Disclosure
13689| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
13690| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
13691| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
13692| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
13693| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
13694| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
13695| [376] Apache Tomcat contextAdmin Arbitrary File Access
13696| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
13697| [222] Apache HTTP Server test-cgi Arbitrary File Access
13698| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
13699| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
13700|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|firewall|storage-misc|VoIP phone
Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%), Grandstream embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/h:grandstream:gxv3275
Aggressive OS guesses: Linux 2.6.32 (91%), Linux 3.10 (91%), Linux 3.4 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 2.6.32 or 3.10 (89%), Linux 2.6.39 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 25.995 days (since Tue Oct 15 02:15:13 2019)
Network Distance: 12 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   315.82 ms 10.247.204.1
2   473.44 ms 213.184.122.97
3   473.42 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   473.49 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
5   473.46 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
6   473.49 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
7   473.51 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
8   676.40 ms xe-0-0-3.cr6-lax2.ip4.gtt.net (89.149.180.253)
9   676.45 ms ip4.gtt.net (69.174.20.70)
10  473.59 ms vl65.dr07.lax03.as46562.net (172.83.43.51)
11  352.89 ms vl65.dr07.lax03.as46562.net (172.83.43.51)
12  516.89 ms tss.centralprocessingunit.com (107.152.98.18)

NSE: Script Post-scanning.
Initiating NSE at 01:07
Completed NSE at 01:07, 0.00s elapsed
Initiating NSE at 01:07
Completed NSE at 01:07, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 138.40 seconds
           Raw packets sent: 96 (7.932KB) | Rcvd: 40 (4.029KB)
====================================================================================•x[2019-11-10](01:07)x•
 SAVING SCREENSHOTS
====================================================================================•x[2019-11-10](01:07)x•
webscreenshot.py version 2.2.1

[+] 1 URLs to be screenshot
[+] 1 actual URLs screenshot
[+] 0 error(s)
 + -- --=[Port 110 opened... running tests...
====================================================================================•x[2019-11-10](01:08)x•
 RUNNING NMAP SCRIPTS
====================================================================================•x[2019-11-10](01:08)x•
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 01:08 EST
NSE: [pop3-brute] usernames: Time limit 10m00s exceeded.
NSE: [pop3-brute] usernames: Time limit 10m00s exceeded.
NSE: [pop3-brute] passwords: Time limit 10m00s exceeded.
Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
Host is up (0.51s latency).

PORT    STATE SERVICE VERSION
110/tcp open  pop3    Courier pop3d
13757| pop3-brute:
13758| Accounts: No valid accounts found
13759|_ Statistics: Performed 5153 guesses in 601 seconds, average tps: 8.3
13760|_pop3-capabilities: APOP USER TOP UIDL PIPELINING SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) IMPLEMENTATION(Courier Mail Server) LOGIN-DELAY(10) STLS
13761| vulscan: VulDB - https://vuldb.com:
13762| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
13763| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
13764| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
13765| [50725] e-Courier CMS cross site scripting
13766| [46287] Pre Courier and Cargo Business unknown vulnerability
13767| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
13768| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
13769|
13770| MITRE CVE - https://cve.mitre.org:
13771| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
13772| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
13773| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
13774| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
13775| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
13776| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
13777| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
13778| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
13779| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
13780| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
13781| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
13782| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
13783| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
13784| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
13785| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
13786| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
13787| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
13788| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
13789| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
13790| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
13791| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
13792| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
13793| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
13794| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
13795| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
13796| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
13797| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
13798|
13799| SecurityFocus - https://www.securityfocus.com/bid/:
13800| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
13801| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
13802| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
13803| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
13804| [39838] tpop3d Remote Denial of Service Vulnerability
13805| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
13806| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
13807| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
13808| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
13809| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
13810| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
13811| [15771] Courier Mail Server Unauthorized Access Vulnerability
13812| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
13813| [10976] Courier-IMAP Remote Format String Vulnerability
13814| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
13815| [8495] akpop3d User Name SQL Injection Vulnerability
13816| [8473] Vpop3d Remote Denial Of Service Vulnerability
13817| [6738] Courier-IMAP Username SQL Injection Vulnerability
13818| [6189] Courier SqWebMail File Disclosure Vulnerability
13819| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
13820| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
13821| [3990] ZPop3D Bad Login Logging Failure Vulnerability
13822| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
13823|
13824| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13825| [54180] e-Courier CMS multiple scripts cross-site scripting
13826| [54143] e-Courier CMS index.asp cross-site scripting
13827| [47494] Courier Authentication Library Postgres SQL injection
13828| [47436] PRE COURIER &
13829| [43628] Novell OpenSUSE courier-authlib SQL injection
13830| [42950] Courier authentication library username SQL injection
13831| [33805] Gentoo Courier-IMAP command execution
13832| [26998] Courier Mail Server libs/comverp.c usernames denial of service
13833| [26578] Cyrus IMAP pop3d buffer overflow
13834| [23532] Courier Mail Server authentication daemon allows deactivated account access
13835| [21565] Courier Mail Server rfc1035/spf.c denial of service
13836| [17034] Courier-IMAP auth_debug format string attack
13837| [15434] Courier Japanese codeset converter buffer overflow
13838| [13018] akpop3d authentication code SQL injection
13839| [11213] Courier-IMAP authpgsqllib username SQL injection
13840| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
13841| [9228] Courier MTA long year denial of service
13842| [7345] Slackware Linux imapd and ipop3d core dump
13843| [6269] imap, ipop2d and ipop3d buffer overflows
13844| [5923] Linuxconf vpop3d symbolic link
13845| [4918] IPOP3D, Buffer overflow attack
13846| [1560] IPOP3D, user login successful
13847| [1559] IPOP3D user login to remote host successful
13848| [1525] IPOP3D, user logout
13849| [1524] IPOP3D, user auto-logout
13850| [1523] IPOP3D, user login failure
13851| [1522] IPOP3D, brute force attack
13852| [1521] IPOP3D, user kiss of death logout
13853| [418] pop3d mktemp creates insecure temporary files
13854|
13855| Exploit-DB - https://www.exploit-db.com:
13856| [23053] Vpop3d Remote Denial of Service Vulnerability
13857| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
13858| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
13859| [11893] tPop3d 1.5.3 DoS
13860| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
13861| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
13862| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
13863| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
13864|
| OpenVAS (Nessus) - http://www.openvas.org:
| SecurityTracker - https://www.securitytracker.com:
| OSVDB - http://www.osvdb.org:
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|firewall|storage-misc|VoIP phone
Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%), Grandstream embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/h:grandstream:gxv3275
Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 3.10 (91%), Linux 3.4 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 2.6.39 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 10 hops
Service Info: Host: localhost.localdomain

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 316.67 ms 10.247.204.1
2 474.47 ms 213.184.122.97
3 474.42 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 474.46 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 474.47 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
6 474.53 ms bzq-219-189-50.cablep.bezeqint.net (62.219.189.50)
7 474.56 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
8 474.58 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
9 632.45 ms ip4.gtt.net (69.174.20.70)
10 474.54 ms tss.centralprocessingunit.com (107.152.98.18)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 615.83 seconds
 + -- --=[Port 111 closed... skipping.
 + -- --=[Port 123 closed... skipping.
 + -- --=[Port 135 closed... skipping.
 + -- --=[Port 137 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 161 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 opened... running tests...
====================================================================================•x[2019-11-10](01:18)x•
 CHECKING HTTP HEADERS AND METHODS
====================================================================================•x[2019-11-10](01:18)x•
====================================================================================•x[2019-11-10](01:18)x•
 DISPLAYING META GENERATOR TAGS
====================================================================================•x[2019-11-10](01:18)x•
====================================================================================•x[2019-11-10](01:18)x•
 DISPLAYING COMMENTS
====================================================================================•x[2019-11-10](01:18)x•
====================================================================================•x[2019-11-10](01:18)x•
 DISPLAYING SITE LINKS
====================================================================================•x[2019-11-10](01:18)x•
====================================================================================•x[2019-11-10](01:18)x•
 CHECKING FOR WAF
====================================================================================•x[2019-11-10](01:18)x•

 WAFW00F - Web Application Firewall Detection Tool


Checking https://107.152.98.18
Generic Detection results:
No WAF detected by the generic detection
Number of requests: 7

====================================================================================•x[2019-11-10](01:18)x•
 GATHERING HTTP INFO
====================================================================================•x[2019-11-10](01:18)x•
https://107.152.98.18 [200 OK] Apache, Country[UNITED STATES][US], HTML5, HTTPServer[Apache], IP[107.152.98.18], Plesk[Lin], Script, Title[Default Parallels Plesk Panel Page], X-Powered-By[PleskLin], X-UA-Compatible[IE=edge]
====================================================================================•x[2019-11-10](01:18)x•
 GATHERING SERVER INFO
====================================================================================•x[2019-11-10](01:18)x•

wig - WebApp Information Gatherer


====================================================================================•x[2019-11-10](01:18)x•
 GATHERING WEB FINGERPRINT
====================================================================================•x[2019-11-10](01:18)x•
 Apache
 Plesk
====================================================================================•x[2019-11-10](01:19)x•
 RUNNING NMAP HTTP SCRIPTS
====================================================================================•x[2019-11-10](01:19)x•
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 01:19 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:19
Completed NSE at 01:19, 0.00s elapsed
Initiating NSE at 01:19
Completed NSE at 01:19, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:19
Completed Parallel DNS resolution of 1 host. at 01:19, 0.02s elapsed
Initiating SYN Stealth Scan at 01:19
Scanning tss.centralprocessingunit.com (107.152.98.18) [1 port]
Discovered open port 443/tcp on 107.152.98.18
Completed SYN Stealth Scan at 01:19, 0.67s elapsed (1 total ports)
Initiating Service scan at 01:19
Scanning 1 service on tss.centralprocessingunit.com (107.152.98.18)
Completed Service scan at 01:19, 15.49s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against tss.centralprocessingunit.com (107.152.98.18)
Retrying OS detection (try #2) against tss.centralprocessingunit.com (107.152.98.18)
WARNING: OS didn't match until try #2
Initiating Traceroute at 01:19
Completed Traceroute at 01:19, 6.70s elapsed
Initiating Parallel DNS resolution of 8 hosts. at 01:19
Completed Parallel DNS resolution of 8 hosts. at 01:19, 0.38s elapsed
NSE: Script scanning 107.152.98.18.
Initiating NSE at 01:19
NSE Timing: About 45.26% done; ETC: 01:20 (0:00:37 remaining)
NSE Timing: About 85.03% done; ETC: 01:23 (0:00:31 remaining)
NSE Timing: About 84.62% done; ETC: 01:23 (0:00:38 remaining)
NSE Timing: About 85.05% done; ETC: 01:24 (0:00:43 remaining)
NSE Timing: About 86.71% done; ETC: 01:25 (0:00:45 remaining)
NSE Timing: About 87.71% done; ETC: 01:26 (0:00:47 remaining)
NSE Timing: About 89.37% done; ETC: 01:26 (0:00:46 remaining)
NSE: [http-wordpress-enum 107.152.98.18:443] got no answers from pipelined queries
NSE Timing: About 91.06% done; ETC: 01:27 (0:00:43 remaining)
NSE Timing: About 91.72% done; ETC: 01:28 (0:00:43 remaining)
NSE Timing: About 94.04% done; ETC: 01:28 (0:00:33 remaining)
NSE Timing: About 94.70% done; ETC: 01:29 (0:00:31 remaining)
Stats: 0:13:13 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 1 (1 waiting)
NSE Timing: About 99.67% done; ETC: 01:32 (0:00:03 remaining)
Completed NSE at 01:33, 810.01s elapsed
Initiating NSE at 01:33
Completed NSE at 01:33, 4.84s elapsed
Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
Host is up (0.56s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd (PleskLin)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 16566.18ms; min: 16482.60ms; max: 16640.75ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-traceroute: ERROR: Script execution failed (use -d to debug)
| http-vhosts:
|_127 names had status ERROR
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
14321| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
14322| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
14323| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
14324| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
14325| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
14326| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
14685| [99937] Apache Batik up to 1.8 privilege escalation
14686| [99936] Apache FOP up to 2.1 privilege escalation
14687| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
14688| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
14689| [99930] Apache Traffic Server up to 6.2.0 denial of service
14690| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
14691| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
14692| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
14693| [117569] Apache Hadoop up to 2.7.3 privilege escalation
14694| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
14695| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
15429| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
15430| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
15431| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
15432| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
15433| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
15434| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
15435| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
15436| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
15437| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
15438| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
15439| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
15440| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
15441| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15442| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
15443| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
15444| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
15445| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
15446| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
15447| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
15448| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
15449| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
15450| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
15451| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
15452| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
15453| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
15454| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
15455| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
15456| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
15457| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
15458| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
15459| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
15460| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
15461| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
15462| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
15463| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
15464| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
15465| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
15466| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
15467| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
15468| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
15469| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
15470| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
15471| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
15472| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
15473| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
15474| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
15475| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15476| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
15477| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
15478| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
15479| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
15480| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
15481| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
15482| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
15483| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
15484| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
15485| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
15486| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
15487| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
15488| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
15489| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
15490| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
15491| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
15492| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
15493| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
15494| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
15495| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
15496| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
15497| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
15498| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
15499| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
15500| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
15501| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
15502| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
15503| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
15504| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
15505| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
15506| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
15507| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
15508| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
15509| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
15510| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
15511| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
15512| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
15513| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
15514| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
15515| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
15516| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
15517| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
15518| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
15519| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
15520| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
15521| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
15626| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
15627| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
15628| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
15629| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
15630| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
15631| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15632| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
15633| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
15634| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
15635| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
15636| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
15637| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
15638| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
15639| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
15640| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
15641| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
15642| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
15643| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
15644| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
15645| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
15646| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
15647| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
15648| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
15649| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
15650| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
15651| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
15652| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
15653| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
15654| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
15655| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
15656| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
15657| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
15658| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
15659| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
15660| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
15661| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
15662| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
15663| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
15664| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
15665| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
15666| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
15667| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
15668| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
15669| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
15670| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
15671| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
15672| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
15673| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
15674| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
15675| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
15676| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
15677| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
15678| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
15679| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
15680| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
15681| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
15682| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
15683| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
15684| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
15685| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
15686| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
15687| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
15688| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
15689| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
15690| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
15691| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
15692| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
15693| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
15694| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
15695| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
15696| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
15697| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
15698| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
15699| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
15700| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
15701| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
15702| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
15703| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
15704| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
15705| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
15706| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
15707| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
15708| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
15709| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
15710| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
15711| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
15712| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
15713| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
15714| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
15715| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
15716| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15717| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
15718| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
15719| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
15720| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
15721| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
15722| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
15723| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
15724| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
15725| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
15726| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
15727| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
15728| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
15729| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
15730| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15731| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
15732| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
15733| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
15734| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
15735| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
15736| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
15737| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
15738| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
15739| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
15740| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
15741| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
15742| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
15743| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
15744| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
15745| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
15746| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
15747| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
15748| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
15749| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
15750| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
15751| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
15752| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
15753| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
15754| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
15755| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
15756| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
15757| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
15758| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
15759| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
15760| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
15761| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
15762| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
15763| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15764| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
15765| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
15766| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
15767| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
15768| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
15769| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
15770| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
15771| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
15772| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
15773| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
15774| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
15775| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
15776| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
15777| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15778| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
15779| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
15780| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
15781| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
15782| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
15783| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
15784| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
15785| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
15786| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15787| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
15788| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
15789| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
15790| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
15791| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
15792| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15793| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
15794| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15795| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
15796| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
15797| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15798| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
15799| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
15800| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
15801| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
15802| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
15803| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
15804| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
15805| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
15806| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15807| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
15808| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
15809| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
15810| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
15811| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
15812| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
15813| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
15814| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
15815| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
15816| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
15817| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
15818| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
15819| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
15820| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
15821| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
15822| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
15823| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
15824| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
15825| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
15826| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
15827| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
15828| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
15829| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
15830| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
15831| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
15832| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
15833| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
15834| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
15835| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
15836| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
15837| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
15838| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
15839| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
15840| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
15841| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
15842| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
15843| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
15844| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
15845| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
15846| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
15847| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
15848| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
15849| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
15850| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
15851| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
15852| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
15853| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
15854| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
15855| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
15856| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
15857| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
15858| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
15859| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
15860| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
15861| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
15862| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
15863| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
15864| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
15865| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
15866| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
15867| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
15868| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
15869| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
15870| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
15871| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
15872| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
15873| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
15874| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
15875| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
15876| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
15877| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
15878| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
15879| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
15880| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
15881| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
15882| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
15883| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
15884| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
15885| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
15886| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
15887| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
15888| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
15889| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
15890| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
15891| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
15892| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
15893| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
15894| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
15895| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
15896| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
15897| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
15898| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
15899| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
15900| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
15901| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
15902| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
15903| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
15904| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
15905| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
15906| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
15907| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
15908| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
15909| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
15910| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
15911| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
15912| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
15913| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
15914| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
15915| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
15916| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
15917| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
15918| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
15919| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
15920| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
15921| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
15922| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
15923| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
15924| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
15925| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
15926| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
15927| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
15928| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
15929| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
15930| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
15931| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
15932| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
15933| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
15934| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
15935| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
15936| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
15937| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
15938| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
15939| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
15940| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
15941| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
15942| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
15943| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
15944| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
15945| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
15946| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
15947| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
15948| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
15949| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
15950| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
15951| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
15952| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
15953| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
15954| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
15955| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
15956| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
15957| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
15958| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
15959| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
15960| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
15961| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
15962| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
15963| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
15964| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
15965| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
15966| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
15967| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
15968| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
15969| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
15970| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
15971| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
15972| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
15973| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
15974| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
15975| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
15976| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
15977| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
15978| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
15979| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
15980| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
15981| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
15982| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
15983| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
15984| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
15985| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
15986| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
15987| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
15988| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
15989| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
15990| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
15991| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
15992| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
15993| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
15994| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
15995| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
15996| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
15997| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
15998| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
15999| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
16000| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
16001| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
16002| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
16003| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
16004| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
16005| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
16006| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
16007| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
16008| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
16009| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
16010| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
16011| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
16012| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
16013| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
16014| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
16015| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
16016| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
16017| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
16018| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
16019| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
16020|
16021| SecurityFocus - https://www.securityfocus.com/bid/:
16022| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
16023| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
16024| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
16025| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
16026| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
16027| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
16028| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
16029| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
16030| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
16031| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
16032| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
16033| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
16034| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
16035| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
16036| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
16037| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
16038| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
16039| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
16040| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
16041| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
16042| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
16043| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
16044| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
16045| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
16046| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
16047| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
16048| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
16049| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
16050| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
16051| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
16052| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
16053| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
16054| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
16055| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
16490| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
16491| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
16492| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
16493| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
16494| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
16495| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
16496| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
16497| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
16498| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
16499| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
16500| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
16501| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
16502| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
16503| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
16504| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
16505| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
16506| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
16507| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
16508| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
16509| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
16510| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
16511| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
16512| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
16513| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
16514| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
16515| [64780] Apache CloudStack Unauthorized Access Vulnerability
16516| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
16517| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
16518| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
16519| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
16520| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
16521| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
16522| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
16523| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
16524| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
16525| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
16526| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
16527| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
16528| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
16529| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
16530| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
16531| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
16532| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
16533| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
16534| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
16535| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
16536| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
16537| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
16538| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
16539| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
16540| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
16541| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
16542| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
16543| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
16544| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
16545| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
16546| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
16547| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
16548| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
16549| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
16550| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
16551| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
16552| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
16553| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
16554| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
16555| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
16556| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
16557| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
16558| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
16559| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
16560| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
16561| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
16562| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
16563| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
16564| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
16565| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
16566| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
16567| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
16568| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
16569| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
16570| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
16571| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
16572| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
16573| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
16574| [59670] Apache VCL Multiple Input Validation Vulnerabilities
16575| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
16576| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
16577| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
16578| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
16579| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
16580| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
16581| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
16582| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
16583| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
16584| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
16585| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
16586| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
16587| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
16588| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
16589| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
16590| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
16591| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
16592| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
16593| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
16594| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
16595| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
16596| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
16597| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
16598| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
16599| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
16600| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
16601| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
16602| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
16603| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
16604| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
16605| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
16606| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
16607| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
16608| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
16609| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
16610| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
16611| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
16612| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
16613| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
16614| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
16615| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
16616| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
16617| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
16618| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
16619| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
16620| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
16621| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
16622| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
16623| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
16624| [54798] Apache Libcloud Man In The Middle Vulnerability
16625| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
16626| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
16627| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
16628| [54189] Apache Roller Cross Site Request Forgery Vulnerability
16629| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
16630| [53880] Apache CXF Child Policies Security Bypass Vulnerability
16631| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
16632| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
16633| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
16634| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
16635| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
16636| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
16637| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
16638| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
16639| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
16640| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
16641| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
16642| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
16643| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
16644| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
16645| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
16646| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
16647| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
16648| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
16649| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
16650| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
16651| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
16652| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
16653| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
16654| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
16655| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
16656| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
16657| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
16658| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
16659| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
16660| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
16661| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
16662| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
16663| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
16664| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
16665| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
16666| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
16667| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
16668| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
16669| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
16670| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
16671| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
16672| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
16673| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
16674| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
16675| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
16676| [49290] Apache Wicket Cross Site Scripting Vulnerability
16677| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
16678| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
16679| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
16680| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
16681| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
16682| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
16683| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
16684| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
16685| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
16686| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
16687| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
16688| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
16689| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
16690| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
16691| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
16692| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
16693| [46953] Apache MPM-ITK Module Security Weakness
16694| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
16695| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
16696| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
16697| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
16698| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
16699| [46166] Apache Tomcat JVM Denial of Service Vulnerability
16700| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
16701| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
16702| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
16703| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
16704| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
16705| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
16706| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
16707| [44616] Apache Shiro Directory Traversal Vulnerability
16708| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
16709| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
16710| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
16711| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
16712| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
16713| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
16714| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
16715| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
16716| [42492] Apache CXF XML DTD Processing Security Vulnerability
16717| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
16718| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
16719| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
16720| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
16721| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
16722| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
16723| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
16724| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
16725| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
16726| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
16727| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
16728| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
16729| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
16730| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
16731| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
16732| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
16733| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
16734| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
16735| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
16736| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
16737| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
16738| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
16739| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
16740| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
16741| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
16742| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
16743| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
16744| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
16745| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
16746| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
16747| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
16748| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
16749| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
16750| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
16751| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
16752| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
16753| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
16754| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
16755| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
16756| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
16757| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
16758| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
16759| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
16760| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
16761| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
16762| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
16763| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
16764| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
16765| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
16766| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
16767| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
16768| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
16769| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
16770| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
16771| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
16772| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
16773| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
16774| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
16775| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
16776| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
16777| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
16778| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
16779| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
16780| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
16781| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
16782| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
16783| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
16784| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
16785| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
16786| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
16787| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
16788| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
16789| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
16790| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
16791| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
16792| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
16793| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
16794| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
16795| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
16796| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
16797| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
16798| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
16799| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
16800| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
16801| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
16802| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
16803| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
16804| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
16805| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
16806| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
16807| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
16808| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
16809| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
16810| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
16811| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
16812| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
16813| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
16814| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
16815| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
16816| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
16817| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
16818| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
16819| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
16820| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
16821| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
16822| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
16823| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
16824| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
16825| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
16826| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
16827| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
16828| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
16829| [20527] Apache Mod_TCL Remote Format String Vulnerability
16830| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
16831| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
16832| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
16833| [19106] Apache Tomcat Information Disclosure Vulnerability
16834| [18138] Apache James SMTP Denial Of Service Vulnerability
16835| [17342] Apache Struts Multiple Remote Vulnerabilities
16836| [17095] Apache Log4Net Denial Of Service Vulnerability
16837| [16916] Apache mod_python FileSession Code Execution Vulnerability
16838| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
16839| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
16840| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
16841| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
16842| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
16843| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
16844| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
16845| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
16846| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
16847| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
16848| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
16849| [15177] PHP Apache 2 Local Denial of Service Vulnerability
16850| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
16851| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
16852| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
16853| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
16854| [14106] Apache HTTP Request Smuggling Vulnerability
16855| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
16856| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
16857| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
16858| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
16859| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
16860| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
16861| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
16862| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
16863| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
16864| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
16865| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
16866| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
16867| [11471] Apache mod_include Local Buffer Overflow Vulnerability
16868| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
16869| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
16870| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
16871| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
16872| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
16873| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
16874| [11094] Apache mod_ssl Denial Of Service Vulnerability
16875| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
16876| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
16877| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
16878| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
16879| [10478] ClueCentral Apache Suexec Patch Security Weakness
16880| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
16881| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
16882| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
16883| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
16884| [9921] Apache Connection Blocking Denial Of Service Vulnerability
16885| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
16886| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
16887| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
16888| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
16889| [9733] Apache Cygwin Directory Traversal Vulnerability
16890| [9599] Apache mod_php Global Variables Information Disclosure Weakness
16891| [9590] Apache-SSL Client Certificate Forging Vulnerability
16892| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
16893| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
16894| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
16895| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
16896| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
16897| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
16898| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
16899| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
16900| [8898] Red Hat Apache Directory Index Default Configuration Error
16901| [8883] Apache Cocoon Directory Traversal Vulnerability
16902| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
16903| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
16904| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
16905| [8707] Apache htpasswd Password Entropy Weakness
16906| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
16907| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
16908| [8226] Apache HTTP Server Multiple Vulnerabilities
16909| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
16910| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
16911| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
16912| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
16913| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
16914| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
16915| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
16916| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
16917| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
16918| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
16919| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
16920| [7255] Apache Web Server File Descriptor Leakage Vulnerability
16921| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
16922| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
16923| [6939] Apache Web Server ETag Header Information Disclosure Weakness
16924| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
16925| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
16926| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
16927| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
16928| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
16929| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
16930| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
16931| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
16932| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
16933| [6117] Apache mod_php File Descriptor Leakage Vulnerability
16934| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
16935| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
16936| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
16937| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
16938| [5992] Apache HTDigest Insecure Temporary File Vulnerability
16939| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
16940| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
16941| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
16942| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
16943| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
16944| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
16945| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
16946| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
16947| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
16948| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
16949| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
16950| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
16951| [5485] Apache 2.0 Path Disclosure Vulnerability
16952| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
16953| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
16954| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
16955| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
16956| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
16957| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
16958| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
16959| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
16960| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
16961| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
16962| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
16963| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
16964| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
16965| [4437] Apache Error Message Cross-Site Scripting Vulnerability
16966| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
16967| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
16968| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
16969| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
16970| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
16971| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
16972| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
16973| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
16974| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
16975| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
16976| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
16977| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
16978| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
16979| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
16980| [3596] Apache Split-Logfile File Append Vulnerability
16981| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
16982| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
16983| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
16984| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
16985| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
16986| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
16987| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
16988| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
16989| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
16990| [3169] Apache Server Address Disclosure Vulnerability
16991| [3009] Apache Possible Directory Index Disclosure Vulnerability
16992| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
16993| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
16994| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
16995| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
16996| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
16997| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
16998| [2216] Apache Web Server DoS Vulnerability
16999| [2182] Apache /tmp File Race Vulnerability
17000| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
17001| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
17002| [1821] Apache mod_cookies Buffer Overflow Vulnerability
17003| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
17004| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
17005| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
17006| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
17007| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
17008| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
17009| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
17010| [1457] Apache::ASP source.asp Example Script Vulnerability
17011| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
17012| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
17013|
17014| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17015| [86258] Apache CloudStack text fields cross-site scripting
17016| [85983] Apache Subversion mod_dav_svn module denial of service
17017| [85875] Apache OFBiz UEL code execution
17018| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
17019| [85871] Apache HTTP Server mod_session_dbd unspecified
17020| [85756] Apache Struts OGNL expression command execution
17021| [85755] Apache Struts DefaultActionMapper class open redirect
17022| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
17023| [85574] Apache HTTP Server mod_dav denial of service
17024| [85573] Apache Struts Showcase App OGNL code execution
17025| [85496] Apache CXF denial of service
17026| [85423] Apache Geronimo RMI classloader code execution
17027| [85326] Apache Santuario XML Security for C++ buffer overflow
17028| [85323] Apache Santuario XML Security for Java spoofing
17029| [85319] Apache Qpid Python client SSL spoofing
17030| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
17031| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
17032| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
17033| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
17034| [84952] Apache Tomcat CVE-2012-3544 denial of service
17035| [84763] Apache Struts CVE-2013-2135 security bypass
17036| [84762] Apache Struts CVE-2013-2134 security bypass
17037| [84719] Apache Subversion CVE-2013-2088 command execution
17038| [84718] Apache Subversion CVE-2013-2112 denial of service
17039| [84717] Apache Subversion CVE-2013-1968 denial of service
17040| [84577] Apache Tomcat security bypass
17041| [84576] Apache Tomcat symlink
17042| [84543] Apache Struts CVE-2013-2115 security bypass
17043| [84542] Apache Struts CVE-2013-1966 security bypass
17044| [84154] Apache Tomcat session hijacking
17045| [84144] Apache Tomcat denial of service
17046| [84143] Apache Tomcat information disclosure
17047| [84111] Apache HTTP Server command execution
17048| [84043] Apache Virtual Computing Lab cross-site scripting
17049| [84042] Apache Virtual Computing Lab cross-site scripting
17050| [83782] Apache CloudStack information disclosure
17051| [83781] Apache CloudStack security bypass
17052| [83720] Apache ActiveMQ cross-site scripting
17053| [83719] Apache ActiveMQ denial of service
17054| [83718] Apache ActiveMQ denial of service
17055| [83263] Apache Subversion denial of service
17056| [83262] Apache Subversion denial of service
17057| [83261] Apache Subversion denial of service
17058| [83259] Apache Subversion denial of service
17059| [83035] Apache mod_ruid2 security bypass
17060| [82852] Apache Qpid federation_tag security bypass
17061| [82851] Apache Qpid qpid::framing::Buffer denial of service
17062| [82758] Apache Rave User RPC API information disclosure
17063| [82663] Apache Subversion svn_fs_file_length() denial of service
17064| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
17065| [82641] Apache Qpid AMQP denial of service
17066| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
17067| [82618] Apache Commons FileUpload symlink
17068| [82360] Apache HTTP Server manager interface cross-site scripting
17069| [82359] Apache HTTP Server hostnames cross-site scripting
17070| [82338] Apache Tomcat log/logdir information disclosure
17071| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
17072| [82268] Apache OpenJPA deserialization command execution
17073| [81981] Apache CXF UsernameTokens security bypass
17074| [81980] Apache CXF WS-Security security bypass
17075| [81398] Apache OFBiz cross-site scripting
17076| [81240] Apache CouchDB directory traversal
17077| [81226] Apache CouchDB JSONP code execution
17078| [81225] Apache CouchDB Futon user interface cross-site scripting
17079| [81211] Apache Axis2/C SSL spoofing
17080| [81167] Apache CloudStack DeployVM information disclosure
17081| [81166] Apache CloudStack AddHost API information disclosure
17082| [81165] Apache CloudStack createSSHKeyPair API information disclosure
17083| [80518] Apache Tomcat cross-site request forgery security bypass
17084| [80517] Apache Tomcat FormAuthenticator security bypass
17085| [80516] Apache Tomcat NIO denial of service
17086| [80408] Apache Tomcat replay-countermeasure security bypass
17087| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
17088| [80317] Apache Tomcat slowloris denial of service
17089| [79984] Apache Commons HttpClient SSL spoofing
17090| [79983] Apache CXF SSL spoofing
17091| [79830] Apache Axis2/Java SSL spoofing
17092| [79829] Apache Axis SSL spoofing
17093| [79809] Apache Tomcat DIGEST security bypass
17094| [79806] Apache Tomcat parseHeaders() denial of service
17095| [79540] Apache OFBiz unspecified
17096| [79487] Apache Axis2 SAML security bypass
17097| [79212] Apache Cloudstack code execution
17098| [78734] Apache CXF SOAP Action security bypass
17099| [78730] Apache Qpid broker denial of service
17100| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
17101| [78563] Apache mod_pagespeed module unspecified cross-site scripting
17102| [78562] Apache mod_pagespeed module security bypass
17103| [78454] Apache Axis2 security bypass
17104| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
17105| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
17106| [78321] Apache Wicket unspecified cross-site scripting
17107| [78183] Apache Struts parameters denial of service
17108| [78182] Apache Struts cross-site request forgery
17109| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
17110| [77987] mod_rpaf module for Apache denial of service
17111| [77958] Apache Struts skill name code execution
17112| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
17113| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
17114| [77568] Apache Qpid broker security bypass
17115| [77421] Apache Libcloud spoofing
17116| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
17117| [77046] Oracle Solaris Apache HTTP Server information disclosure
17118| [76837] Apache Hadoop information disclosure
17119| [76802] Apache Sling CopyFrom denial of service
17120| [76692] Apache Hadoop symlink
17121| [76535] Apache Roller console cross-site request forgery
17122| [76534] Apache Roller weblog cross-site scripting
17123| [76152] Apache CXF elements security bypass
17124| [76151] Apache CXF child policies security bypass
17125| [75983] MapServer for Windows Apache file include
17126| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
17127| [75558] Apache POI denial of service
17128| [75545] PHP apache_request_headers() buffer overflow
17129| [75302] Apache Qpid SASL security bypass
17130| [75211] Debian GNU/Linux apache 2 cross-site scripting
17131| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
17132| [74871] Apache OFBiz FlexibleStringExpander code execution
17133| [74870] Apache OFBiz multiple cross-site scripting
17134| [74750] Apache Hadoop unspecified spoofing
17135| [74319] Apache Struts XSLTResult.java file upload
17136| [74313] Apache Traffic Server header buffer overflow
17137| [74276] Apache Wicket directory traversal
17138| [74273] Apache Wicket unspecified cross-site scripting
17139| [74181] Apache HTTP Server mod_fcgid module denial of service
17140| [73690] Apache Struts OGNL code execution
17141| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
17142| [73100] Apache MyFaces in directory traversal
17143| [73096] Apache APR hash denial of service
17144| [73052] Apache Struts name cross-site scripting
17145| [73030] Apache CXF UsernameToken security bypass
17146| [72888] Apache Struts lastName cross-site scripting
17147| [72758] Apache HTTP Server httpOnly information disclosure
17148| [72757] Apache HTTP Server MPM denial of service
17149| [72585] Apache Struts ParameterInterceptor security bypass
17150| [72438] Apache Tomcat Digest security bypass
17151| [72437] Apache Tomcat Digest security bypass
17152| [72436] Apache Tomcat DIGEST security bypass
17153| [72425] Apache Tomcat parameter denial of service
17154| [72422] Apache Tomcat request object information disclosure
17155| [72377] Apache HTTP Server scoreboard security bypass
17156| [72345] Apache HTTP Server HTTP request denial of service
17157| [72229] Apache Struts ExceptionDelegator command execution
17158| [72089] Apache Struts ParameterInterceptor directory traversal
17159| [72088] Apache Struts CookieInterceptor command execution
17160| [72047] Apache Geronimo hash denial of service
17161| [72016] Apache Tomcat hash denial of service
17162| [71711] Apache Struts OGNL expression code execution
17163| [71654] Apache Struts interfaces security bypass
17164| [71620] Apache ActiveMQ failover denial of service
17165| [71617] Apache HTTP Server mod_proxy module information disclosure
17166| [71508] Apache MyFaces EL security bypass
17167| [71445] Apache HTTP Server mod_proxy security bypass
17168| [71203] Apache Tomcat servlets privilege escalation
17169| [71181] Apache HTTP Server ap_pregsub() denial of service
17170| [71093] Apache HTTP Server ap_pregsub() buffer overflow
17171| [70336] Apache HTTP Server mod_proxy information disclosure
17172| [69804] Apache HTTP Server mod_proxy_ajp denial of service
17173| [69472] Apache Tomcat AJP security bypass
17174| [69396] Apache HTTP Server ByteRange filter denial of service
17175| [69394] Apache Wicket multi window support cross-site scripting
17176| [69176] Apache Tomcat XML information disclosure
17177| [69161] Apache Tomcat jsvc information disclosure
17178| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
17179| [68541] Apache Tomcat sendfile information disclosure
17180| [68420] Apache XML Security denial of service
17181| [68238] Apache Tomcat JMX information disclosure
17182| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
17183| [67804] Apache Subversion control rules information disclosure
17184| [67803] Apache Subversion control rules denial of service
17185| [67802] Apache Subversion baselined denial of service
17186| [67672] Apache Archiva multiple cross-site scripting
17187| [67671] Apache Archiva multiple cross-site request forgery
17188| [67564] Apache APR apr_fnmatch() denial of service
17189| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
17190| [67515] Apache Tomcat annotations security bypass
17191| [67480] Apache Struts s:submit information disclosure
17192| [67414] Apache APR apr_fnmatch() denial of service
17193| [67356] Apache Struts javatemplates cross-site scripting
17194| [67354] Apache Struts Xwork cross-site scripting
17195| [66676] Apache Tomcat HTTP BIO information disclosure
17196| [66675] Apache Tomcat web.xml security bypass
17197| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
17198| [66241] Apache HttpComponents information disclosure
17199| [66154] Apache Tomcat ServletSecurity security bypass
17200| [65971] Apache Tomcat ServletSecurity security bypass
17201| [65876] Apache Subversion mod_dav_svn denial of service
17202| [65343] Apache Continuum unspecified cross-site scripting
17203| [65162] Apache Tomcat NIO connector denial of service
17204| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
17205| [65160] Apache Tomcat HTML Manager interface cross-site scripting
17206| [65159] Apache Tomcat ServletContect security bypass
17207| [65050] Apache CouchDB web-based administration UI cross-site scripting
17208| [64773] Oracle HTTP Server Apache Plugin unauthorized access
17209| [64473] Apache Subversion blame -g denial of service
17210| [64472] Apache Subversion walk() denial of service
17211| [64407] Apache Axis2 CVE-2010-0219 code execution
17212| [63926] Apache Archiva password privilege escalation
17213| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
17214| [63493] Apache Archiva credentials cross-site request forgery
17215| [63477] Apache Tomcat HttpOnly session hijacking
17216| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
17217| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
17218| [62959] Apache Shiro filters security bypass
17219| [62790] Apache Perl cgi module denial of service
17220| [62576] Apache Qpid exchange denial of service
17221| [62575] Apache Qpid AMQP denial of service
17222| [62354] Apache Qpid SSL denial of service
17223| [62235] Apache APR-util apr_brigade_split_line() denial of service
17224| [62181] Apache XML-RPC SAX Parser information disclosure
17225| [61721] Apache Traffic Server cache poisoning
17226| [61202] Apache Derby BUILTIN authentication functionality information disclosure
17227| [61186] Apache CouchDB Futon cross-site request forgery
17228| [61169] Apache CXF DTD denial of service
17229| [61070] Apache Jackrabbit search.jsp SQL injection
17230| [61006] Apache SLMS Quoting cross-site request forgery
17231| [60962] Apache Tomcat time cross-site scripting
17232| [60883] Apache mod_proxy_http information disclosure
17233| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
17234| [60264] Apache Tomcat Transfer-Encoding denial of service
17235| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
17236| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
17237| [59413] Apache mod_proxy_http timeout information disclosure
17238| [59058] Apache MyFaces unencrypted view state cross-site scripting
17239| [58827] Apache Axis2 xsd file include
17240| [58790] Apache Axis2 modules cross-site scripting
17241| [58299] Apache ActiveMQ queueBrowse cross-site scripting
17242| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
17243| [58056] Apache ActiveMQ .jsp source code disclosure
17244| [58055] Apache Tomcat realm name information disclosure
17245| [58046] Apache HTTP Server mod_auth_shadow security bypass
17246| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
17247| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
17248| [57429] Apache CouchDB algorithms information disclosure
17249| [57398] Apache ActiveMQ Web console cross-site request forgery
17250| [57397] Apache ActiveMQ createDestination.action cross-site scripting
17251| [56653] Apache HTTP Server DNS spoofing
17252| [56652] Apache HTTP Server DNS cross-site scripting
17253| [56625] Apache HTTP Server request header information disclosure
17254| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
17255| [56623] Apache HTTP Server mod_proxy_ajp denial of service
17256| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
17257| [55857] Apache Tomcat WAR files directory traversal
17258| [55856] Apache Tomcat autoDeploy attribute security bypass
17259| [55855] Apache Tomcat WAR directory traversal
17260| [55210] Intuit component for Joomla! Apache information disclosure
17261| [54533] Apache Tomcat 404 error page cross-site scripting
17262| [54182] Apache Tomcat admin default password
17263| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
17264| [53666] Apache HTTP Server Solaris pollset support denial of service
17265| [53650] Apache HTTP Server HTTP basic-auth module security bypass
17266| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
17267| [53041] mod_proxy_ftp module for Apache denial of service
17268| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
17269| [51953] Apache Tomcat Path Disclosure
17270| [51952] Apache Tomcat Path Traversal
17271| [51951] Apache stronghold-status Information Disclosure
17272| [51950] Apache stronghold-info Information Disclosure
17273| [51949] Apache PHP Source Code Disclosure
17274| [51948] Apache Multiviews Attack
17275| [51946] Apache JServ Environment Status Information Disclosure
17276| [51945] Apache error_log Information Disclosure
17277| [51944] Apache Default Installation Page Pattern Found
17278| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
17279| [51942] Apache AXIS XML External Entity File Retrieval
17280| [51941] Apache AXIS Sample Servlet Information Leak
17281| [51940] Apache access_log Information Disclosure
17282| [51626] Apache mod_deflate denial of service
17283| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
17284| [51365] Apache Tomcat RequestDispatcher security bypass
17285| [51273] Apache HTTP Server Incomplete Request denial of service
17286| [51195] Apache Tomcat XML information disclosure
17287| [50994] Apache APR-util xml/apr_xml.c denial of service
17288| [50993] Apache APR-util apr_brigade_vprintf denial of service
17289| [50964] Apache APR-util apr_strmatch_precompile() denial of service
17290| [50930] Apache Tomcat j_security_check information disclosure
17291| [50928] Apache Tomcat AJP denial of service
17292| [50884] Apache HTTP Server XML ENTITY denial of service
17293| [50808] Apache HTTP Server AllowOverride privilege escalation
17294| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
17295| [50059] Apache mod_proxy_ajp information disclosure
17296| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
17297| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
17298| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
17299| [49921] Apache ActiveMQ Web interface cross-site scripting
17300| [49898] Apache Geronimo Services/Repository directory traversal
17301| [49725] Apache Tomcat mod_jk module information disclosure
17302| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
17303| [49712] Apache Struts unspecified cross-site scripting
17304| [49213] Apache Tomcat cal2.jsp cross-site scripting
17305| [48934] Apache Tomcat POST doRead method information disclosure
17306| [48211] Apache Tomcat header HTTP request smuggling
17307| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
17308| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
17309| [47709] Apache Roller "
17310| [47104] Novell Netware ApacheAdmin console security bypass
17311| [47086] Apache HTTP Server OS fingerprinting unspecified
17312| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
17313| [45791] Apache Tomcat RemoteFilterValve security bypass
17314| [44435] Oracle WebLogic Apache Connector buffer overflow
17315| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
17316| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
17317| [44156] Apache Tomcat RequestDispatcher directory traversal
17318| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
17319| [43885] Oracle WebLogic Server Apache Connector buffer overflow
17320| [42987] Apache HTTP Server mod_proxy module denial of service
17321| [42915] Apache Tomcat JSP files path disclosure
17322| [42914] Apache Tomcat MS-DOS path disclosure
17323| [42892] Apache Tomcat unspecified unauthorized access
17324| [42816] Apache Tomcat Host Manager cross-site scripting
17325| [42303] Apache 403 error cross-site scripting
17326| [41618] Apache-SSL ExpandCert() authentication bypass
17327| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
17328| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
17329| [40614] Apache mod_jk2 HTTP Host header buffer overflow
17330| [40562] Apache Geronimo init information disclosure
17331| [40478] Novell Web Manager webadmin-apache.conf security bypass
17332| [40411] Apache Tomcat exception handling information disclosure
17333| [40409] Apache Tomcat native (APR based) connector weak security
17334| [40403] Apache Tomcat quotes and %5C cookie information disclosure
17335| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
17336| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
17337| [39867] Apache HTTP Server mod_negotiation cross-site scripting
17338| [39804] Apache Tomcat SingleSignOn information disclosure
17339| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
17340| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
17341| [39608] Apache HTTP Server balancer manager cross-site request forgery
17342| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
17343| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
17344| [39472] Apache HTTP Server mod_status cross-site scripting
17345| [39201] Apache Tomcat JULI logging weak security
17346| [39158] Apache HTTP Server Windows SMB shares information disclosure
17347| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
17348| [38951] Apache::AuthCAS Perl module cookie SQL injection
17349| [38800] Apache HTTP Server 413 error page cross-site scripting
17350| [38211] Apache Geronimo SQLLoginModule authentication bypass
17351| [37243] Apache Tomcat WebDAV directory traversal
17352| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
17353| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
17354| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
17355| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
17356| [36782] Apache Geronimo MEJB unauthorized access
17357| [36586] Apache HTTP Server UTF-7 cross-site scripting
17358| [36468] Apache Geronimo LoginModule security bypass
17359| [36467] Apache Tomcat functions.jsp cross-site scripting
17360| [36402] Apache Tomcat calendar cross-site request forgery
17361| [36354] Apache HTTP Server mod_proxy module denial of service
17362| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
17363| [36336] Apache Derby lock table privilege escalation
17364| [36335] Apache Derby schema privilege escalation
17365| [36006] Apache Tomcat "
17366| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
17367| [35999] Apache Tomcat \"
17368| [35795] Apache Tomcat CookieExample cross-site scripting
17369| [35536] Apache Tomcat SendMailServlet example cross-site scripting
17370| [35384] Apache HTTP Server mod_cache module denial of service
17371| [35097] Apache HTTP Server mod_status module cross-site scripting
17372| [35095] Apache HTTP Server Prefork MPM module denial of service
17373| [34984] Apache HTTP Server recall_headers information disclosure
17374| [34966] Apache HTTP Server MPM content spoofing
17375| [34965] Apache HTTP Server MPM information disclosure
17376| [34963] Apache HTTP Server MPM multiple denial of service
17377| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
17378| [34869] Apache Tomcat JSP example Web application cross-site scripting
17379| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
17380| [34496] Apache Tomcat JK Connector security bypass
17381| [34377] Apache Tomcat hello.jsp cross-site scripting
17382| [34212] Apache Tomcat SSL configuration security bypass
17383| [34210] Apache Tomcat Accept-Language cross-site scripting
17384| [34209] Apache Tomcat calendar application cross-site scripting
17385| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
17386| [34167] Apache Axis WSDL file path disclosure
17387| [34068] Apache Tomcat AJP connector information disclosure
17388| [33584] Apache HTTP Server suEXEC privilege escalation
17389| [32988] Apache Tomcat proxy module directory traversal
17390| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
17391| [32708] Debian Apache tty privilege escalation
17392| [32441] ApacheStats extract() PHP call unspecified
17393| [32128] Apache Tomcat default account
17394| [31680] Apache Tomcat RequestParamExample cross-site scripting
17395| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
17396| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
17397| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
17398| [30456] Apache mod_auth_kerb off-by-one buffer overflow
17399| [29550] Apache mod_tcl set_var() format string
17400| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
17401| [28357] Apache HTTP Server mod_alias script source information disclosure
17402| [28063] Apache mod_rewrite off-by-one buffer overflow
17403| [27902] Apache Tomcat URL information disclosure
17404| [26786] Apache James SMTP server denial of service
17405| [25680] libapache2 /tmp/svn file upload
17406| [25614] Apache Struts lookupMap cross-site scripting
17407| [25613] Apache Struts ActionForm denial of service
17408| [25612] Apache Struts isCancelled() security bypass
17409| [24965] Apache mod_python FileSession command execution
17410| [24716] Apache James spooler memory leak denial of service
17411| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
17412| [24158] Apache Geronimo jsp-examples cross-site scripting
17413| [24030] Apache auth_ldap module multiple format strings
17414| [24008] Apache mod_ssl custom error message denial of service
17415| [24003] Apache mod_auth_pgsql module multiple syslog format strings
17416| [23612] Apache mod_imap referer field cross-site scripting
17417| [23173] Apache Struts error message cross-site scripting
17418| [22942] Apache Tomcat directory listing denial of service
17419| [22858] Apache Multi-Processing Module code allows denial of service
17420| [22602] RHSA-2005:582 updates for Apache httpd not installed
17421| [22520] Apache mod-auth-shadow "
17422| [22466] ApacheTop symlink
17423| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
17424| [22006] Apache HTTP Server byte-range filter denial of service
17425| [21567] Apache mod_ssl off-by-one buffer overflow
17426| [21195] Apache HTTP Server header HTTP request smuggling
17427| [20383] Apache HTTP Server htdigest buffer overflow
17428| [19681] Apache Tomcat AJP12 request denial of service
17429| [18993] Apache HTTP server check_forensic symlink attack
17430| [18790] Apache Tomcat Manager cross-site scripting
17431| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
17432| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
17433| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
17434| [17961] Apache Web server ServerTokens has not been set
17435| [17930] Apache HTTP Server HTTP GET request denial of service
17436| [17785] Apache mod_include module buffer overflow
17437| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
17438| [17473] Apache HTTP Server Satisfy directive allows access to resources
17439| [17413] Apache htpasswd buffer overflow
17440| [17384] Apache HTTP Server environment variable configuration file buffer overflow
17441| [17382] Apache HTTP Server IPv6 apr_util denial of service
17442| [17366] Apache HTTP Server mod_dav module LOCK denial of service
17443| [17273] Apache HTTP Server speculative mode denial of service
17444| [17200] Apache HTTP Server mod_ssl denial of service
17445| [16890] Apache HTTP Server server-info request has been detected
17446| [16889] Apache HTTP Server server-status request has been detected
17447| [16705] Apache mod_ssl format string attack
17448| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
17449| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
17450| [16230] Apache HTTP Server PHP denial of service
17451| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
17452| [15958] Apache HTTP Server authentication modules memory corruption
17453| [15547] Apache HTTP Server mod_disk_cache local information disclosure
17454| [15540] Apache HTTP Server socket starvation denial of service
17455| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
17456| [15422] Apache HTTP Server mod_access information disclosure
17457| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
17458| [15293] Apache for Cygwin "
17459| [15065] Apache-SSL has a default password
17460| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
17461| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
17462| [14751] Apache Mod_python output filter information disclosure
17463| [14125] Apache HTTP Server mod_userdir module information disclosure
17464| [14075] Apache HTTP Server mod_php file descriptor leak
17465| [13703] Apache HTTP Server account
17466| [13689] Apache HTTP Server configuration allows symlinks
17467| [13688] Apache HTTP Server configuration allows SSI
17468| [13687] Apache HTTP Server Server: header value
17469| [13685] Apache HTTP Server ServerTokens value
17470| [13684] Apache HTTP Server ServerSignature value
17471| [13672] Apache HTTP Server config allows directory autoindexing
17472| [13671] Apache HTTP Server default content
17473| [13670] Apache HTTP Server config file directive references outside content root
17474| [13668] Apache HTTP Server httpd not running in chroot environment
17475| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
17476| [13664] Apache HTTP Server config file contains ScriptAlias entry
17477| [13663] Apache HTTP Server CGI support modules loaded
17478| [13661] Apache HTTP Server config file contains AddHandler entry
17479| [13660] Apache HTTP Server 500 error page not CGI script
17480| [13659] Apache HTTP Server 413 error page not CGI script
17481| [13658] Apache HTTP Server 403 error page not CGI script
17482| [13657] Apache HTTP Server 401 error page not CGI script
17483| [13552] Apache HTTP Server mod_cgid module information disclosure
17484| [13550] Apache GET request directory traversal
17485| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
17486| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
17487| [13429] Apache Tomcat non-HTTP request denial of service
17488| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
17489| [13295] Apache weak password encryption
17490| [13254] Apache Tomcat .jsp cross-site scripting
17491| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
17492| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
17493| [12681] Apache HTTP Server mod_proxy could allow mail relaying
17494| [12662] Apache HTTP Server rotatelogs denial of service
17495| [12554] Apache Tomcat stores password in plain text
17496| [12553] Apache HTTP Server redirects and subrequests denial of service
17497| [12552] Apache HTTP Server FTP proxy server denial of service
17498| [12551] Apache HTTP Server prefork MPM denial of service
17499| [12550] Apache HTTP Server weaker than expected encryption
17500| [12549] Apache HTTP Server type-map file denial of service
17501| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
17502| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
17503| [12091] Apache HTTP Server apr_password_validate denial of service
17504| [12090] Apache HTTP Server apr_psprintf code execution
17505| [11804] Apache HTTP Server mod_access_referer denial of service
17506| [11750] Apache HTTP Server could leak sensitive file descriptors
17507| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
17508| [11703] Apache long slash path allows directory listing
17509| [11695] Apache HTTP Server LF (Line Feed) denial of service
17510| [11694] Apache HTTP Server filestat.c denial of service
17511| [11438] Apache HTTP Server MIME message boundaries information disclosure
17512| [11412] Apache HTTP Server error log terminal escape sequence injection
17513| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
17514| [11195] Apache Tomcat web.xml could be used to read files
17515| [11194] Apache Tomcat URL appended with a null character could list directories
17516| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
17517| [11126] Apache HTTP Server illegal character file disclosure
17518| [11125] Apache HTTP Server DOS device name HTTP POST code execution
17519| [11124] Apache HTTP Server DOS device name denial of service
17520| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
17521| [10938] Apache HTTP Server printenv test CGI cross-site scripting
17522| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
17523| [10575] Apache mod_php module could allow an attacker to take over the httpd process
17524| [10499] Apache HTTP Server WebDAV HTTP POST view source
17525| [10457] Apache HTTP Server mod_ssl "
17526| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
17527| [10414] Apache HTTP Server htdigest multiple buffer overflows
17528| [10413] Apache HTTP Server htdigest temporary file race condition
17529| [10412] Apache HTTP Server htpasswd temporary file race condition
17530| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
17531| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
17532| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
17533| [10280] Apache HTTP Server shared memory scorecard overwrite
17534| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
17535| [10241] Apache HTTP Server Host: header cross-site scripting
17536| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
17537| [10208] Apache HTTP Server mod_dav denial of service
17538| [10206] HP VVOS Apache mod_ssl denial of service
17539| [10200] Apache HTTP Server stderr denial of service
17540| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
17541| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
17542| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
17543| [10098] Slapper worm targets OpenSSL/Apache systems
17544| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
17545| [9875] Apache HTTP Server .var file request could disclose installation path
17546| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
17547| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
17548| [9623] Apache HTTP Server ap_log_rerror() path disclosure
17549| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
17550| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
17551| [9396] Apache Tomcat null character to threads denial of service
17552| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
17553| [9249] Apache HTTP Server chunked encoding heap buffer overflow
17554| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
17555| [8932] Apache Tomcat example class information disclosure
17556| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
17557| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
17558| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
17559| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
17560| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
17561| [8400] Apache HTTP Server mod_frontpage buffer overflows
17562| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
17563| [8308] Apache "
17564| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
17565| [8119] Apache and PHP OPTIONS request reveals "
17566| [8054] Apache is running on the system
17567| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
17568| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
17569| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
17570| [7836] Apache HTTP Server log directory denial of service
17571| [7815] Apache for Windows "
17572| [7810] Apache HTTP request could result in unexpected behavior
17573| [7599] Apache Tomcat reveals installation path
17574| [7494] Apache "
17575| [7419] Apache Web Server could allow remote attackers to overwrite .log files
17576| [7363] Apache Web Server hidden HTTP requests
17577| [7249] Apache mod_proxy denial of service
17578| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
17579| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
17580| [7059] Apache "
17581| [7057] Apache "
17582| [7056] Apache "
17583| [7055] Apache "
17584| [7054] Apache "
17585| [6997] Apache Jakarta Tomcat error message may reveal information
17586| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
17587| [6970] Apache crafted HTTP request could reveal the internal IP address
17588| [6921] Apache long slash path allows directory listing
17589| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
17590| [6527] Apache Web Server for Windows and OS2 denial of service
17591| [6316] Apache Jakarta Tomcat may reveal JSP source code
17592| [6305] Apache Jakarta Tomcat directory traversal
17593| [5926] Linux Apache symbolic link
17594| [5659] Apache Web server discloses files when used with php script
17595| [5310] Apache mod_rewrite allows attacker to view arbitrary files
17596| [5204] Apache WebDAV directory listings
17597| [5197] Apache Web server reveals CGI script source code
17598| [5160] Apache Jakarta Tomcat default installation
17599| [5099] Trustix Secure Linux installs Apache with world writable access
17600| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
17601| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
17602| [4931] Apache source.asp example file allows users to write to files
17603| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
17604| [4205] Apache Jakarta Tomcat delivers file contents
17605| [2084] Apache on Debian by default serves the /usr/doc directory
17606| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
17607| [697] Apache HTTP server beck exploit
17608| [331] Apache cookies buffer overflow
17609|
17610| Exploit-DB - https://www.exploit-db.com:
17611| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
17612| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
17613| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
17614| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
17615| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
17616| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
17617| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
17618| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
17619| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
17620| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
17621| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
17622| [29859] Apache Roller OGNL Injection
17623| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
17624| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
17625| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
17626| [29290] Apache / PHP 5.x Remote Code Execution Exploit
17627| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
17628| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
17629| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
17630| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
17631| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
17632| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
17633| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
17634| [27096] Apache Geronimo 1.0 Error Page XSS
17635| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
17636| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
17637| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
17638| [25986] Plesk Apache Zeroday Remote Exploit
17639| [25980] Apache Struts includeParams Remote Code Execution
17640| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
17641| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
17642| [24874] Apache Struts ParametersInterceptor Remote Code Execution
17643| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
17644| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
17645| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
17646| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
17647| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
17648| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
17649| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
17650| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
17651| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
17652| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
17653| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
17654| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
17655| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
17656| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
17657| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
17658| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
17659| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
17660| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
17661| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
17662| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
17663| [21719] Apache 2.0 Path Disclosure Vulnerability
17664| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
17665| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
17666| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
17667| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
17668| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
17669| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
17670| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
17671| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
17672| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
17673| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
17674| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
17675| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
17676| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
17677| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
17678| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
17679| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
17680| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
17681| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
17682| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
17683| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
17684| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
17685| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
17686| [20558] Apache 1.2 Web Server DoS Vulnerability
17687| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
17688| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
17689| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
17690| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
17691| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
17692| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
17693| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
17694| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
17695| [19231] PHP apache_request_headers Function Buffer Overflow
17696| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
17697| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
17698| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
17699| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
17700| [18442] Apache httpOnly Cookie Disclosure
17701| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
17702| [18221] Apache HTTP Server Denial of Service
17703| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
17704| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
17705| [17691] Apache Struts < 2.2.0 - Remote Command Execution
17706| [16798] Apache mod_jk 1.2.20 Buffer Overflow
17707| [16782] Apache Win32 Chunked Encoding
17708| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
17709| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
17710| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
17711| [15319] Apache 2.2 (Windows) Local Denial of Service
17712| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
17713| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
17714| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
17715| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
17716| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
17717| [12330] Apache OFBiz - Multiple XSS
17718| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
17719| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
17720| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
17721| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
17722| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
17723| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
17724| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
17725| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
17726| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
17727| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
17728| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
17729| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
17730| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
17731| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
17732| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
17733| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
17734| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
17735| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
17736| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
17737| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
17738| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
17739| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
17740| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
17741| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
17742| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
17743| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
17744| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
17745| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
17746| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
17747| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
17748| [466] htpasswd Apache 1.3.31 - Local Exploit
17749| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
17750| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
17751| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
17752| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
17753| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
17754| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
17755| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
17756| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
17757| [9] Apache HTTP Server 2.x Memory Leak Exploit
17758|
17759| OpenVAS (Nessus) - http://www.openvas.org:
17760| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
17761| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
17762| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
17763| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
17764| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
17765| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
17766| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
17767| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
17768| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
17769| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
17770| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
17771| [900571] Apache APR-Utils Version Detection
17772| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
17773| [900496] Apache Tiles Multiple XSS Vulnerability
17774| [900493] Apache Tiles Version Detection
17775| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
17776| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
17777| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
17778| [870175] RedHat Update for apache RHSA-2008:0004-01
17779| [864591] Fedora Update for apache-poi FEDORA-2012-10835
17780| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
17781| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
17782| [864250] Fedora Update for apache-poi FEDORA-2012-7683
17783| [864249] Fedora Update for apache-poi FEDORA-2012-7686
17784| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
17785| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
17786| [855821] Solaris Update for Apache 1.3 122912-19
17787| [855812] Solaris Update for Apache 1.3 122911-19
17788| [855737] Solaris Update for Apache 1.3 122911-17
17789| [855731] Solaris Update for Apache 1.3 122912-17
17790| [855695] Solaris Update for Apache 1.3 122911-16
17791| [855645] Solaris Update for Apache 1.3 122912-16
17792| [855587] Solaris Update for kernel update and Apache 108529-29
17793| [855566] Solaris Update for Apache 116973-07
17794| [855531] Solaris Update for Apache 116974-07
17795| [855524] Solaris Update for Apache 2 120544-14
17796| [855494] Solaris Update for Apache 1.3 122911-15
17797| [855478] Solaris Update for Apache Security 114145-11
17798| [855472] Solaris Update for Apache Security 113146-12
17799| [855179] Solaris Update for Apache 1.3 122912-15
17800| [855147] Solaris Update for kernel update and Apache 108528-29
17801| [855077] Solaris Update for Apache 2 120543-14
17802| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
17803| [850088] SuSE Update for apache2 SUSE-SA:2007:061
17804| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
17805| [841209] Ubuntu Update for apache2 USN-1627-1
17806| [840900] Ubuntu Update for apache2 USN-1368-1
17807| [840798] Ubuntu Update for apache2 USN-1259-1
17808| [840734] Ubuntu Update for apache2 USN-1199-1
17809| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
17810| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
17811| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
17812| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
17813| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
17814| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
17815| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
17816| [835253] HP-UX Update for Apache Web Server HPSBUX02645
17817| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
17818| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
17819| [835236] HP-UX Update for Apache with PHP HPSBUX02543
17820| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
17821| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
17822| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
17823| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
17824| [835188] HP-UX Update for Apache HPSBUX02308
17825| [835181] HP-UX Update for Apache With PHP HPSBUX02332
17826| [835180] HP-UX Update for Apache with PHP HPSBUX02342
17827| [835172] HP-UX Update for Apache HPSBUX02365
17828| [835168] HP-UX Update for Apache HPSBUX02313
17829| [835148] HP-UX Update for Apache HPSBUX01064
17830| [835139] HP-UX Update for Apache with PHP HPSBUX01090
17831| [835131] HP-UX Update for Apache HPSBUX00256
17832| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
17833| [835104] HP-UX Update for Apache HPSBUX00224
17834| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
17835| [835101] HP-UX Update for Apache HPSBUX01232
17836| [835080] HP-UX Update for Apache HPSBUX02273
17837| [835078] HP-UX Update for ApacheStrong HPSBUX00255
17838| [835044] HP-UX Update for Apache HPSBUX01019
17839| [835040] HP-UX Update for Apache PHP HPSBUX00207
17840| [835025] HP-UX Update for Apache HPSBUX00197
17841| [835023] HP-UX Update for Apache HPSBUX01022
17842| [835022] HP-UX Update for Apache HPSBUX02292
17843| [835005] HP-UX Update for Apache HPSBUX02262
17844| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
17845| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
17846| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
17847| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
17848| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
17849| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
17850| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
17851| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
17852| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
17853| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
17854| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
17855| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
17856| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
17857| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
17858| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
17859| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
17860| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
17861| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
17862| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
17863| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
17864| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
17865| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
17866| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
17867| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
17868| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
17869| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
17870| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
17871| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
17872| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
17873| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
17874| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
17875| [801942] Apache Archiva Multiple Vulnerabilities
17876| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
17877| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
17878| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
17879| [801284] Apache Derby Information Disclosure Vulnerability
17880| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
17881| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
17882| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
17883| [800680] Apache APR Version Detection
17884| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
17885| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
17886| [800677] Apache Roller Version Detection
17887| [800279] Apache mod_jk Module Version Detection
17888| [800278] Apache Struts Cross Site Scripting Vulnerability
17889| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
17890| [800276] Apache Struts Version Detection
17891| [800271] Apache Struts Directory Traversal Vulnerability
17892| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
17893| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
17894| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
17895| [103122] Apache Web Server ETag Header Information Disclosure Weakness
17896| [103074] Apache Continuum Cross Site Scripting Vulnerability
17897| [103073] Apache Continuum Detection
17898| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
17899| [101023] Apache Open For Business Weak Password security check
17900| [101020] Apache Open For Business HTML injection vulnerability
17901| [101019] Apache Open For Business service detection
17902| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
17903| [100923] Apache Archiva Detection
17904| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
17905| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
17906| [100813] Apache Axis2 Detection
17907| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
17908| [100795] Apache Derby Detection
17909| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
17910| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
17911| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
17912| [100514] Apache Multiple Security Vulnerabilities
17913| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
17914| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
17915| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
17916| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
17917| [72626] Debian Security Advisory DSA 2579-1 (apache2)
17918| [72612] FreeBSD Ports: apache22
17919| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
17920| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
17921| [71512] FreeBSD Ports: apache
17922| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
17923| [71256] Debian Security Advisory DSA 2452-1 (apache2)
17924| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
17925| [70737] FreeBSD Ports: apache
17926| [70724] Debian Security Advisory DSA 2405-1 (apache2)
17927| [70600] FreeBSD Ports: apache
17928| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
17929| [70235] Debian Security Advisory DSA 2298-2 (apache2)
17930| [70233] Debian Security Advisory DSA 2298-1 (apache2)
17931| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
17932| [69338] Debian Security Advisory DSA 2202-1 (apache2)
17933| [67868] FreeBSD Ports: apache
17934| [66816] FreeBSD Ports: apache
17935| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
17936| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
17937| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
17938| [66081] SLES11: Security update for Apache 2
17939| [66074] SLES10: Security update for Apache 2
17940| [66070] SLES9: Security update for Apache 2
17941| [65998] SLES10: Security update for apache2-mod_python
17942| [65893] SLES10: Security update for Apache 2
17943| [65888] SLES10: Security update for Apache 2
17944| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
17945| [65510] SLES9: Security update for Apache 2
17946| [65472] SLES9: Security update for Apache
17947| [65467] SLES9: Security update for Apache
17948| [65450] SLES9: Security update for apache2
17949| [65390] SLES9: Security update for Apache2
17950| [65363] SLES9: Security update for Apache2
17951| [65309] SLES9: Security update for Apache and mod_ssl
17952| [65296] SLES9: Security update for webdav apache module
17953| [65283] SLES9: Security update for Apache2
17954| [65249] SLES9: Security update for Apache 2
17955| [65230] SLES9: Security update for Apache 2
17956| [65228] SLES9: Security update for Apache 2
17957| [65212] SLES9: Security update for apache2-mod_python
17958| [65209] SLES9: Security update for apache2-worker
17959| [65207] SLES9: Security update for Apache 2
17960| [65168] SLES9: Security update for apache2-mod_python
17961| [65142] SLES9: Security update for Apache2
17962| [65136] SLES9: Security update for Apache 2
17963| [65132] SLES9: Security update for apache
17964| [65131] SLES9: Security update for Apache 2 oes/CORE
17965| [65113] SLES9: Security update for apache2
17966| [65072] SLES9: Security update for apache and mod_ssl
17967| [65017] SLES9: Security update for Apache 2
17968| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
17969| [64783] FreeBSD Ports: apache
17970| [64774] Ubuntu USN-802-2 (apache2)
17971| [64653] Ubuntu USN-813-2 (apache2)
17972| [64559] Debian Security Advisory DSA 1834-2 (apache2)
17973| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
17974| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
17975| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
17976| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
17977| [64443] Ubuntu USN-802-1 (apache2)
17978| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
17979| [64423] Debian Security Advisory DSA 1834-1 (apache2)
17980| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
17981| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
17982| [64251] Debian Security Advisory DSA 1816-1 (apache2)
17983| [64201] Ubuntu USN-787-1 (apache2)
17984| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
17985| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
17986| [63565] FreeBSD Ports: apache
17987| [63562] Ubuntu USN-731-1 (apache2)
17988| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
17989| [61185] FreeBSD Ports: apache
17990| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
17991| [60387] Slackware Advisory SSA:2008-045-02 apache
17992| [58826] FreeBSD Ports: apache-tomcat
17993| [58825] FreeBSD Ports: apache-tomcat
17994| [58804] FreeBSD Ports: apache
17995| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
17996| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
17997| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
17998| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
17999| [57335] Debian Security Advisory DSA 1167-1 (apache)
18000| [57201] Debian Security Advisory DSA 1131-1 (apache)
18001| [57200] Debian Security Advisory DSA 1132-1 (apache2)
18002| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
18003| [57145] FreeBSD Ports: apache
18004| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
18005| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
18006| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
18007| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
18008| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
18009| [56067] FreeBSD Ports: apache
18010| [55803] Slackware Advisory SSA:2005-310-04 apache
18011| [55519] Debian Security Advisory DSA 839-1 (apachetop)
18012| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
18013| [55355] FreeBSD Ports: apache
18014| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
18015| [55261] Debian Security Advisory DSA 805-1 (apache2)
18016| [55259] Debian Security Advisory DSA 803-1 (apache)
18017| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
18018| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
18019| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
18020| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
18021| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
18022| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
18023| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
18024| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
18025| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
18026| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
18027| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
18028| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
18029| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
18030| [54439] FreeBSD Ports: apache
18031| [53931] Slackware Advisory SSA:2004-133-01 apache
18032| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
18033| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
18034| [53878] Slackware Advisory SSA:2003-308-01 apache security update
18035| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
18036| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
18037| [53848] Debian Security Advisory DSA 131-1 (apache)
18038| [53784] Debian Security Advisory DSA 021-1 (apache)
18039| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
18040| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
18041| [53735] Debian Security Advisory DSA 187-1 (apache)
18042| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
18043| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
18044| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
18045| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
18046| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
18047| [53282] Debian Security Advisory DSA 594-1 (apache)
18048| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
18049| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
18050| [53215] Debian Security Advisory DSA 525-1 (apache)
18051| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
18052| [52529] FreeBSD Ports: apache+ssl
18053| [52501] FreeBSD Ports: apache
18054| [52461] FreeBSD Ports: apache
18055| [52390] FreeBSD Ports: apache
18056| [52389] FreeBSD Ports: apache
18057| [52388] FreeBSD Ports: apache
18058| [52383] FreeBSD Ports: apache
18059| [52339] FreeBSD Ports: apache+mod_ssl
18060| [52331] FreeBSD Ports: apache
18061| [52329] FreeBSD Ports: ru-apache+mod_ssl
18062| [52314] FreeBSD Ports: apache
18063| [52310] FreeBSD Ports: apache
18064| [15588] Detect Apache HTTPS
18065| [15555] Apache mod_proxy content-length buffer overflow
18066| [15554] Apache mod_include priviledge escalation
18067| [14771] Apache <= 1.3.33 htpasswd local overflow
18068| [14177] Apache mod_access rule bypass
18069| [13644] Apache mod_rootme Backdoor
18070| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
18071| [12280] Apache Connection Blocking Denial of Service
18072| [12239] Apache Error Log Escape Sequence Injection
18073| [12123] Apache Tomcat source.jsp malformed request information disclosure
18074| [12085] Apache Tomcat servlet/JSP container default files
18075| [11438] Apache Tomcat Directory Listing and File disclosure
18076| [11204] Apache Tomcat Default Accounts
18077| [11092] Apache 2.0.39 Win32 directory traversal
18078| [11046] Apache Tomcat TroubleShooter Servlet Installed
18079| [11042] Apache Tomcat DOS Device Name XSS
18080| [11041] Apache Tomcat /servlet Cross Site Scripting
18081| [10938] Apache Remote Command Execution via .bat files
18082| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
18083| [10773] MacOS X Finder reveals contents of Apache Web files
18084| [10766] Apache UserDir Sensitive Information Disclosure
18085| [10756] MacOS X Finder reveals contents of Apache Web directories
18086| [10752] Apache Auth Module SQL Insertion Attack
18087| [10704] Apache Directory Listing
18088| [10678] Apache /server-info accessible
18089| [10677] Apache /server-status accessible
18090| [10440] Check for Apache Multiple / vulnerability
18091|
18092| SecurityTracker - https://www.securitytracker.com:
18093| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
18094| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
18095| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
18096| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
18097| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
18098| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
18099| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
18100| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
18101| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
18102| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
18103| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
18104| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
18105| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
18106| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
18107| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
18108| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
18109| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
18110| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
18111| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
18112| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
18113| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
18114| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
18115| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
18116| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
18117| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
18118| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
18119| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
18120| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
18121| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
18122| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
18123| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
18124| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
18125| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
18126| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
18127| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
18128| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
18129| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
18130| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
18131| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
18132| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
18133| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
18134| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
18135| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
18136| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
18137| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
18138| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
18139| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
18140| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
18141| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
18142| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
18143| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
18144| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
18145| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
18146| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
18147| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
18148| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
18149| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
18150| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
18151| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
18152| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
18153| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
18154| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
18155| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
18156| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
18157| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
18158| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
18159| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
18160| [1024096] Apache mod_proxy_http May Return Results for a Different Request
18161| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
18162| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
18163| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
18164| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
18165| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
18166| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
18167| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
18168| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
18169| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
18170| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
18171| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
18172| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
18173| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
18174| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
18175| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
18176| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
18177| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
18547| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
18548| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
18549| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
18550| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
18551| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
18552| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
18553| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
18554| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
18555| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
18556| [78331] Apache Tomcat Request Object Recycling Information Disclosure
18557| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
18558| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
18559| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
18560| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
18561| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
18562| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
18563| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
18564| [77593] Apache Struts Conversion Error OGNL Expression Injection
18565| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
18566| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
18567| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
18568| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
18569| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
18570| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
18571| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
18572| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
18573| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
18574| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
18575| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
18576| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
18577| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
18578| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
18579| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
18580| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
18581| [74725] Apache Wicket Multi Window Support Unspecified XSS
18582| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
18583| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
18584| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
18585| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
18586| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
18587| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
18588| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
18589| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
18590| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
18591| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
18592| [73644] Apache XML Security Signature Key Parsing Overflow DoS
18593| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
18594| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
18595| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
18596| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
18597| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
18598| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
18599| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
18600| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
18601| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
18602| [73154] Apache Archiva Multiple Unspecified CSRF
18603| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
18604| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
18605| [72238] Apache Struts Action / Method Names <
18606| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
18607| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
18608| [71557] Apache Tomcat HTML Manager Multiple XSS
18609| [71075] Apache Archiva User Management Page XSS
18610| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
18611| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
18612| [70924] Apache Continuum Multiple Admin Function CSRF
18613| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
18614| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
18615| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
18616| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
18617| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
18618| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
18619| [69520] Apache Archiva Administrator Credential Manipulation CSRF
18620| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
18621| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
18622| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
18623| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
18624| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
18625| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
18626| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
18627| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
18628| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
18629| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
18630| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
18631| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
18632| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
18633| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
18634| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
18635| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
18636| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
18637| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
18638| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
18639| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
18640| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
18641| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
18642| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
18643| [65054] Apache ActiveMQ Jetty Error Handler XSS
18644| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
18645| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
18646| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
18647| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
18648| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
18649| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
18650| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
18651| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
18652| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
18653| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
18654| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
18655| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
18656| [63895] Apache HTTP Server mod_headers Unspecified Issue
18657| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
18658| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
18659| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
18660| [63140] Apache Thrift Service Malformed Data Remote DoS
18661| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
18662| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
18663| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
18664| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
18665| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
18666| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
18667| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
18668| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
18669| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
18670| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
18671| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
18672| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
18673| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
18674| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
18675| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
18676| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
18677| [60678] Apache Roller Comment Email Notification Manipulation DoS
18678| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
18679| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
18680| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
18681| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
18682| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
18683| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
18684| [60232] PHP on Apache php.exe Direct Request Remote DoS
18685| [60176] Apache Tomcat Windows Installer Admin Default Password
18686| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
18687| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
18688| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
18689| [59944] Apache Hadoop jobhistory.jsp XSS
18690| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
18691| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
18692| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
18693| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
18694| [59019] Apache mod_python Cookie Salting Weakness
18695| [59018] Apache Harmony Error Message Handling Overflow
18696| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
18697| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
18698| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
18699| [59010] Apache Solr get-file.jsp XSS
18700| [59009] Apache Solr action.jsp XSS
18701| [59008] Apache Solr analysis.jsp XSS
18702| [59007] Apache Solr schema.jsp Multiple Parameter XSS
18703| [59006] Apache Beehive select / checkbox Tag XSS
18704| [59005] Apache Beehive jpfScopeID Global Parameter XSS
18705| [59004] Apache Beehive Error Message XSS
18706| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
18707| [59002] Apache Jetspeed default-page.psml URI XSS
18708| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
18709| [59000] Apache CXF Unsigned Message Policy Bypass
18710| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
18711| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
18712| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
18713| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
18714| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
18715| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
18716| [58993] Apache Hadoop browseBlock.jsp XSS
18717| [58991] Apache Hadoop browseDirectory.jsp XSS
18718| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
18719| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
18720| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
18721| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
18722| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
18723| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
18724| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
18725| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
18726| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
18727| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
18728| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
18729| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
18730| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
18731| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
18732| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
18733| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
18734| [58974] Apache Sling /apps Script User Session Management Access Weakness
18735| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
18736| [58931] Apache Geronimo Cookie Parameters Validation Weakness
18737| [58930] Apache Xalan-C++ XPath Handling Remote DoS
18738| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
18739| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
18740| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
18741| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
18742| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
18743| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
18744| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
18745| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
18746| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
18747| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
18748| [58805] Apache Derby Unauthenticated Database / Admin Access
18749| [58804] Apache Wicket Header Contribution Unspecified Issue
18750| [58803] Apache Wicket Session Fixation
18751| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
18752| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
18753| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
18754| [58799] Apache Tapestry Logging Cleartext Password Disclosure
18755| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
18756| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
18757| [58796] Apache Jetspeed Unsalted Password Storage Weakness
18758| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
18759| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
18760| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
18761| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
18762| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
18763| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
18764| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
18765| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
18766| [58775] Apache JSPWiki preview.jsp action Parameter XSS
18767| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
18768| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
18769| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
18770| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
18771| [58770] Apache JSPWiki Group.jsp group Parameter XSS
18772| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
18773| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
18774| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
18775| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
18776| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
18777| [58763] Apache JSPWiki Include Tag Multiple Script XSS
18778| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
18779| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
18780| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
18781| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
18782| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
18783| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
18784| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
18785| [58755] Apache Harmony DRLVM Non-public Class Member Access
18786| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
18787| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
18788| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
18789| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
18790| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
18791| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
18792| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
18793| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
18794| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
18795| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
18796| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
18797| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
18798| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
18799| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
18800| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
18801| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
18802| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
18803| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
18804| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
18805| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
18806| [58725] Apache Tapestry Basic String ACL Bypass Weakness
18807| [58724] Apache Roller Logout Functionality Failure Session Persistence
18808| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
18809| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
18810| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
18811| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
18812| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
18813| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
18814| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
18815| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
18816| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
18817| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
18818| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
18819| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
18820| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
18821| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
18822| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
18823| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
18824| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
18825| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
18826| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
18827| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
18828| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
18829| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
18830| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
18831| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
18832| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
18833| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
18834| [58687] Apache Axis Invalid wsdl Request XSS
18835| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
18836| [58685] Apache Velocity Template Designer Privileged Code Execution
18837| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
18838| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
18839| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
18840| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
18841| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
18842| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
18843| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
18844| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
18845| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
18846| [58667] Apache Roller Database Cleartext Passwords Disclosure
18847| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
18848| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
18849| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
18850| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
18851| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
18852| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
18853| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
18854| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
18855| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
18856| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
18857| [56984] Apache Xerces2 Java Malformed XML Input DoS
18858| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
18859| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
18860| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
18861| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
18862| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
18863| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
18864| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
18865| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
18866| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
18867| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|phone
Running: iPXE 1.X, Linux 2.4.X|2.6.X, Sony Ericsson embedded
OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:sonyericsson:u8i_vivaz
OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 315.62 ms 10.247.204.1
2 472.69 ms 213.184.122.97
3 472.65 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 472.80 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
5 472.84 ms bzq-219-189-230.dsl.bezeqint.net (62.219.189.230)
6 472.79 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
7 472.79 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
8 472.85 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
9 672.62 ms vl65.dr07.lax03.as46562.net (172.83.43.51)
10 472.88 ms vl65.dr07.lax03.as46562.net (172.83.43.51)
11 ... 30

NSE: Script Post-scanning.
Initiating NSE at 01:33
Completed NSE at 01:33, 0.00s elapsed
Initiating NSE at 01:33
Completed NSE at 01:33, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-10 01:36 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:36
Completed NSE at 01:36, 0.00s elapsed
Initiating NSE at 01:36
Completed NSE at 01:36, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:36
Completed Parallel DNS resolution of 1 host. at 01:36, 0.02s elapsed
Initiating UDP Scan at 01:36
Scanning tss.centralprocessingunit.com (107.152.98.18) [15 ports]
Completed UDP Scan at 01:36, 6.59s elapsed (15 total ports)
Initiating Service scan at 01:36
Scanning 13 services on tss.centralprocessingunit.com (107.152.98.18)
Service scan Timing: About 7.69% done; ETC: 01:57 (0:19:24 remaining)
Completed Service scan at 01:37, 102.60s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against tss.centralprocessingunit.com (107.152.98.18)
Retrying OS detection (try #2) against tss.centralprocessingunit.com (107.152.98.18)
Initiating Traceroute at 01:38
Completed Traceroute at 01:38, 7.58s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:38
Completed Parallel DNS resolution of 1 host. at 01:38, 0.00s elapsed
NSE: Script scanning 107.152.98.18.
Initiating NSE at 01:38
Completed NSE at 01:38, 8.77s elapsed
Initiating NSE at 01:38
Completed NSE at 01:38, 3.04s elapsed
Nmap scan report for tss.centralprocessingunit.com (107.152.98.18)
Host is up (0.31s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 222.90 ms 10.247.204.1
2 ... 3
4 285.78 ms 10.247.204.1
5 357.51 ms 10.247.204.1
6 357.51 ms 10.247.204.1
7 357.50 ms 10.247.204.1
8 357.50 ms 10.247.204.1
9 357.49 ms 10.247.204.1
10 199.41 ms 10.247.204.1
11 ... 18
19 216.44 ms 10.247.204.1
20 283.66 ms 10.247.204.1
21 165.20 ms 10.247.204.1
22 ... 27
28 219.00 ms 10.247.204.1
29 ...
30 244.28 ms 10.247.204.1

NSE: Script Post-scanning.
Initiating NSE at 01:38
Completed NSE at 01:38, 0.00s elapsed
Initiating NSE at 01:38
Completed NSE at 01:38, 0.00s elapsed
######################################################################################################################################
Hosts
=====

address        mac  name                           os_name  os_flavor  os_sp  purpose  info  comments
-------        ---  ----                           -------  ---------  -----  -------  ----  --------
107.152.98.18       tss.centralprocessingunit.com  Unknown                    device

Services
========

host           port  proto  name          state     info
----           ----  -----  ----          -----     ----
107.152.98.18  53    udp    domain        unknown
107.152.98.18  67    udp    dhcps         unknown
107.152.98.18  68    udp    dhcpc         unknown
107.152.98.18  69    udp    tftp          unknown
107.152.98.18  88    udp    kerberos-sec  unknown
107.152.98.18  123   udp    ntp           unknown
107.152.98.18  137   udp    netbios-ns    filtered
107.152.98.18  138   udp    netbios-dgm   filtered
107.152.98.18  139   udp    netbios-ssn   unknown
107.152.98.18  161   udp    snmp          unknown
107.152.98.18  162   udp    snmptrap      unknown
107.152.98.18  389   udp    ldap          unknown
107.152.98.18  500   udp    isakmp        unknown
107.152.98.18  520   udp    route         unknown
107.152.98.18  2049  udp    nfs           unknown
#######################################################################################################################################
Anonymous JTSEC #OpDomesticTerrorism Full Recon #3