· 5 years ago · Feb 16, 2020, 08:34 AM
1##################################################################################################################################
2=================================================================================================================================
Hostname: whitepridearchives.com
ISP: New Dream Network, LLC
Continent: North America
Country: United States
Country Code: US
Region: California
Local time: 15 Feb 2020 22:53 PST
City: Brea
Postal Code: 92821
IP Address: 69.163.233.4
Latitude: 33.934
Longitude: -117.885
11====================================================================================================================================
12##################################################################################################################################
13> whitepridearchives.com
14Server: 10.101.0.243
15Address: 10.101.0.243#53
16
17Non-authoritative answer:
18Name: whitepridearchives.com
19Address: 69.163.233.4
20>
21##################################################################################################################################
22 Domain Name: WHITEPRIDEARCHIVES.COM
23 Registry Domain ID: 1422007101_DOMAIN_COM-VRSN
24 Registrar WHOIS Server: whois.dreamhost.com
25 Registrar URL: http://www.DreamHost.com
26 Updated Date: 2020-02-11T10:25:26Z
27 Creation Date: 2008-03-13T16:40:31Z
28 Registry Expiry Date: 2021-03-13T16:40:31Z
29 Registrar: DreamHost, LLC
30 Registrar IANA ID: 431
31 Registrar Abuse Contact Email:
32 Registrar Abuse Contact Phone:
33 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
34 Name Server: NS1.DREAMHOST.COM
35 Name Server: NS2.DREAMHOST.COM
36 Name Server: NS3.DREAMHOST.COM
37 DNSSEC: unsigned
38#################################################################################################################################
39Domain Name: whitepridearchives.com
40Registry Domain ID: 1422007101_DOMAIN_COM-VRSN
41Registrar WHOIS Server: WHOIS.DREAMHOST.COM
42Registrar URL: WWW.DREAMHOST.COM
43Updated Date: 2020-02-11T10:25:26.00Z
44Creation Date: 2008-03-13T09:40:31.00Z
45Registrar Registration Expiration Date: 2021-03-13T16:40:31.00Z
46Registrar: DREAMHOST
47Registrar IANA ID: 431
48Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
49Domain Status: renewPeriod https://www.icann.org/epp#renewPeriod
50Registrant Name: Proxy Protection LLC
51Registrant Organization: Proxy Protection LLC
52Registrant Street: 417 Associated Rd #324
53Registrant Street: C/O whitepridearchives.com
54Registrant City: Brea
55Registrant State/Province: CA
56Registrant Postal Code: 92821
57Registrant Country: US
58Registrant Phone: +1.7147064182
59Registrant Phone Ext:
60Registrant Fax:
61Registrant Email: whitepridearchives.com@proxy.dreamhost.com
62Admin Name: Proxy Protection LLC
63Admin Organization: Proxy Protection LLC
64Admin Street: 417 Associated Rd #324
65Admin Street: C/O whitepridearchives.com
66Admin City: Brea
67Admin State/Province: CA
68Admin Postal Code: 92821
69Admin Country: US
70Admin Phone: +1.7147064182
71Admin Phone Ext:
72Admin Fax:
73Admin Email: whitepridearchives.com@proxy.dreamhost.com
74Tech Name: Proxy Protection LLC
75Tech Organization: Proxy Protection LLC
76Tech Street: 417 Associated Rd #324
77Tech Street: C/O whitepridearchives.com
78Tech City: Brea
79Tech State/Province: CA
80Tech Postal Code: 92821
81Tech Country: US
82Tech Phone: +1.7147064182
83Tech Phone Ext:
84Tech Fax:
85Tech Email: whitepridearchives.com@proxy.dreamhost.com
86Name Server: NS1.DREAMHOST.COM
87Name Server: NS2.DREAMHOST.COM
88Name Server: NS3.DREAMHOST.COM
89DNSSEC: unsigned
90###################################################################################################################################
91[+] Target : whitepridearchives.com
92
93[+] IP Address : 69.163.233.4
94
95[+] Headers :
96
97[+] Date : Sun, 16 Feb 2020 07:00:07 GMT
98[+] Server : Apache
99[+] Last-Modified : Fri, 18 Jul 2008 01:37:35 GMT
100[+] ETag : "2ffc-4524266ed75c0"
101[+] Accept-Ranges : bytes
102[+] Vary : Accept-Encoding
103[+] Content-Encoding : gzip
104[+] Content-Length : 3795
105[+] Keep-Alive : timeout=2, max=100
106[+] Connection : Keep-Alive
107[+] Content-Type : text/html
108
109[+] SSL Certificate Information :
110
111[+] countryName : US
112[+] stateOrProvinceName : California
113[+] organizationName : DreamHost
114[+] commonName : sni.dreamhost.com
115[+] countryName : US
116[+] stateOrProvinceName : California
117[+] organizationName : DreamHost
118[+] commonName : sni.dreamhost.com
119[+] Version : 3
120[+] Serial Number : 0BADC0FFEE
121[+] Not Before : Aug 11 18:24:23 2015 GMT
122[+] Not After : Aug 8 18:24:23 2025 GMT
123
124[+] Whois Lookup :
125
126[+] NIR : None
127[+] ASN Registry : arin
128[+] ASN : 26347
129[+] ASN CIDR : 69.163.224.0/20
130[+] ASN Country Code : US
131[+] ASN Date : 2009-03-27
132[+] ASN Description : DREAMHOST-AS, US
133[+] cidr : 69.163.128.0/17
134[+] name : DREAMHOST-BLK9
135[+] handle : NET-69-163-128-0-1
136[+] range : 69.163.128.0 - 69.163.255.255
137[+] description : New Dream Network, LLC
138[+] country : US
139[+] state : CA
140[+] city : Brea
141[+] address : 417 Associated Rd.
142PMB #257
143[+] postal_code : 92821
144[+] emails : ['abuse@dreamhost.com', 'netops@dreamhost.com']
145[+] created : 2009-03-27
146[+] updated : 2015-08-31
147
148[+] Crawling Target...
149
150[+] Looking for robots.txt........[ Found ]
151[+] Extracting robots Links.......[ 3 ]
152[+] Looking for sitemap.xml.......[ Found ]
153[+] Extracting sitemap Links......[ 5 ]
154[+] Extracting CSS Links..........[ 0 ]
155[+] Extracting Javascript Links...[ 0 ]
156[+] Extracting Internal Links.....[ 0 ]
157[+] Extracting External Links.....[ 6 ]
158[+] Extracting Images.............[ 3 ]
159
160[+] Total Links Extracted : 17
161
162[+] Dumping Links in /opt/FinalRecon/dumps/whitepridearchives.com.dump
163[+] Completed!
164##################################################################################################################################
165[i] Scanning Site: http://whitepridearchives.com
166
167
168
169B A S I C I N F O
170====================
171
172
173[+] Site Title: White Pride News and Entertainment
174[+] IP address: 69.163.233.4
175[+] Web Server: Apache
176[+] CMS: Could Not Detect
177[+] Cloudflare: Not Detected
178[+] Robots File: Found
179
180-------------[ contents ]----------------
181User-agent: *
182Disallow: http://www.whitepridearchives.com/GMRradio/flash/
183Disallow: http://www.whitepridearchives.com/This is the Klan/flash/
184Disallow: http://www.whitepridearchives.com/playerProductInstall/flash/
185Disallow: http://www.whitepridearchives.com/Political Watchdog/flash/
186Disallow: http://www.whitepridearchives.com/This is the Klan/flash/
187Disallow: /cgi-bin/
188Disallow: /tmp/
189
190-----------[end of contents]-------------
191
192
193
194W H O I S L O O K U P
195========================
196
197 Domain Name: WHITEPRIDEARCHIVES.COM
198 Registry Domain ID: 1422007101_DOMAIN_COM-VRSN
199 Registrar WHOIS Server: whois.dreamhost.com
200 Registrar URL: http://www.DreamHost.com
201 Updated Date: 2020-02-11T10:25:26Z
202 Creation Date: 2008-03-13T16:40:31Z
203 Registry Expiry Date: 2021-03-13T16:40:31Z
204 Registrar: DreamHost, LLC
205 Registrar IANA ID: 431
206 Registrar Abuse Contact Email:
207 Registrar Abuse Contact Phone:
208 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
209 Name Server: NS1.DREAMHOST.COM
210 Name Server: NS2.DREAMHOST.COM
211 Name Server: NS3.DREAMHOST.COM
212 DNSSEC: unsigned
213 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
214>>> Last update of whois database: 2020-02-16T07:00:17Z <<<
215
216For more information on Whois status codes, please visit https://icann.org/epp
217
218
219
220The Registry database contains ONLY .COM, .NET, .EDU domains and
221Registrars.
222
223
224
225
226G E O I P L O O K U P
227=========================
228
229[i] IP Address: 69.163.233.4
230[i] Country: United States
231[i] State: California
232[i] City: Brea
233[i] Latitude: 33.9339
234[i] Longitude: -117.8854
235
236
237
238
239H T T P H E A D E R S
240=======================
241
242
243[i] HTTP/1.1 200 OK
244[i] Date: Sun, 16 Feb 2020 07:00:29 GMT
245[i] Server: Apache
246[i] Last-Modified: Fri, 18 Jul 2008 01:37:35 GMT
247[i] ETag: "2ffc-4524266ed75c0"
248[i] Accept-Ranges: bytes
249[i] Content-Length: 12284
250[i] Vary: Accept-Encoding
251[i] Connection: close
252[i] Content-Type: text/html
253[i] X-Pad: avoid browser bug
254
255
256
257
258D N S L O O K U P
259===================
260
261whitepridearchives.com. 14399 IN NS ns3.dreamhost.com.
262whitepridearchives.com. 14399 IN NS ns2.dreamhost.com.
263whitepridearchives.com. 14399 IN SOA ns1.dreamhost.com. hostmaster.dreamhost.com. 2016022700 15144 1800 1814400 14400
264whitepridearchives.com. 14399 IN A 69.163.233.4
265whitepridearchives.com. 14399 IN NS ns1.dreamhost.com.
266
267
268
269
270S U B N E T C A L C U L A T I O N
271====================================
272
273Address = 69.163.233.4
274Network = 69.163.233.4 / 32
275Netmask = 255.255.255.255
276Broadcast = not needed on Point-to-Point links
277Wildcard Mask = 0.0.0.0
278Hosts Bits = 0
279Max. Hosts = 1 (2^0 - 0)
280Host Range = { 69.163.233.4 - 69.163.233.4 }
281
282
283
284N M A P P O R T S C A N
285============================
286
287Starting Nmap 7.70 ( https://nmap.org ) at 2020-02-16 07:00 UTC
288Nmap scan report for whitepridearchives.com (69.163.233.4)
289Host is up (0.064s latency).
290rDNS record for 69.163.233.4: ps54052.dreamhostps.com
291
292PORT STATE SERVICE
29321/tcp open ftp
29422/tcp open ssh
29523/tcp closed telnet
29680/tcp open http
297110/tcp closed pop3
298143/tcp closed imap
299443/tcp open https
3003389/tcp closed ms-wbt-server
301
302Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
303
304
305
306S U B - D O M A I N F I N D E R
307==================================
308
309
310[i] Total Subdomains Found : 1
311
312[+] Subdomain: www.whitepridearchives.com
313[-] IP: 69.163.233.4
314##################################################################################################################################
315[+] Starting At 2020-02-16 02:01:50.258462
316[+] Collecting Information On: http://whitepridearchives.com/
317[#] Status: 200
318--------------------------------------------------
319[#] Web Server Detected: Apache
320[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
321- Date: Sun, 16 Feb 2020 07:01:50 GMT
322- Server: Apache
323- Last-Modified: Fri, 18 Jul 2008 01:37:35 GMT
324- ETag: "2ffc-4524266ed75c0"
325- Accept-Ranges: bytes
326- Vary: Accept-Encoding
327- Content-Encoding: gzip
328- Content-Length: 3795
329- Keep-Alive: timeout=2, max=100
330- Connection: Keep-Alive
331- Content-Type: text/html
332--------------------------------------------------
333[#] Finding Location..!
334[#] status: success
335[#] country: United States
336[#] countryCode: US
337[#] region: CA
338[#] regionName: California
339[#] city: Brea
340[#] zip: 92821
341[#] lat: 33.9167
342[#] lon: -117.9
343[#] timezone: America/Los_Angeles
344[#] isp: New Dream Network, LLC
345[#] org: New Dream Network, LLC
346[#] as: AS26347 New Dream Network, LLC
347[#] query: 69.163.233.4
348--------------------------------------------------
349[x] Didn't Detect WAF Presence on: http://whitepridearchives.com/
350--------------------------------------------------
351[#] Starting Reverse DNS
352[-] Failed ! Fail
353--------------------------------------------------
354[!] Scanning Open Port
355[#] 21/tcp open ftp
356[#] 22/tcp open ssh
357[#] 25/tcp open smtp
358[#] 80/tcp open http
359[#] 443/tcp open https
360[#] 587/tcp open submission
361--------------------------------------------------
362[+] Getting SSL Info
363[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)
364--------------------------------------------------
365[+] Collecting Information Disclosure!
366[#] Detecting sitemap.xml file
367[!] sitemap.xml File Found: http://whitepridearchives.com//sitemap.xml
368[#] Detecting robots.txt file
369[!] robots.txt File Found: http://whitepridearchives.com//robots.txt
370[#] Detecting GNU Mailman
371[-] GNU Mailman App Not Detected!?
372--------------------------------------------------
373[+] Crawling Url Parameter On: http://whitepridearchives.com/
374--------------------------------------------------
375[#] Searching Html Form !
376[-] No Html Form Found!?
377--------------------------------------------------
378[-] No DOM Paramter Found!?
379--------------------------------------------------
380[-] No internal Dynamic Parameter Found!?
381--------------------------------------------------
382[-] No external Dynamic Paramter Found!?
383--------------------------------------------------
384[!] 5 Internal links Discovered
385[+] http://www.whitepridearchives.com/favicon.ico
386[+] http://whitepridearchives.com//www.whitepridearchives.com/favicon.ico
387[+] http://whitepridearchives.com///favicon.ico
388[+] http://whitepridearchives.com///favicon.ico
389[+] http://whitepridearchives.com//mailto:mail@christianidentitychurch.net
390--------------------------------------------------
391[!] 6 External links Discovered
392[#] http://www.baldwin2008tv.com
393[#] http://www.christianidentitychurch.net/
394[#] http://www.whiteheritagestore.net/
395[#] http://www.whitechristianheritagefestival.org/
396[#] http://www.moseshand.com/
397[#] http://www.globalminorityreport.com
398--------------------------------------------------
399[#] Mapping Subdomain..
400[!] Found 2 Subdomain
401- whitepridearchives.com
402- www.whitepridearchives.com
403--------------------------------------------------
404[!] Done At 2020-02-16 02:02:05.892687
405#################################################################################################################################
406[INFO] ------TARGET info------
407[*] TARGET: http://whitepridearchives.com/
408[*] TARGET IP: 69.163.233.4
409[INFO] NO load balancer detected for whitepridearchives.com...
410[*] DNS servers: ns1.dreamhost.com.
411[*] TARGET server: Apache
412[*] CC: US
413[*] Country: United States
414[*] RegionCode: CA
415[*] RegionName: California
416[*] City: Brea
417[*] ASN: AS26347
418[*] BGP_PREFIX: 69.163.224.0/20
419[*] ISP: DREAMHOST-AS, US
420[INFO] DNS enumeration:
421[*] ftp.whitepridearchives.com 69.163.233.4
422[INFO] Possible abuse mails are:
423[*] abuse@whitepridearchives.com
424[*] spamcop-fbl@hq.newdream.net
425[INFO] NO PAC (Proxy Auto Configuration) file FOUND
426[ALERT] robots.txt file FOUND in http://whitepridearchives.com/robots.txt
427[INFO] Checking for HTTP status codes recursively from http://whitepridearchives.com/robots.txt
428[INFO] Status code Folders
429[INFO] Starting FUZZing in http://whitepridearchives.com/FUzZzZzZzZz...
430[INFO] Status code Folders
431[*] 200 http://whitepridearchives.com/images
432[ALERT] Look in the source code. It may contain passwords
433[INFO] Links found from http://whitepridearchives.com/ http://69.163.233.4/:
434[*] https://panel.dreamhost.com/index.cgi?tree=support.msg
435[*] http://whitepridearchives.com/LivePlaylist.html
436[*] http://whitepridearchives.com/whitepridearchives-headerfram.html
437[*] http://whitepridearchives.com/whitepridearchives-menu.html
438[*] http://wiki.dreamhost.com/Site_not_found
439[*] http://www.baldwin2008tv.com/
440[*] http://www.christianidentitychurch.net/
441[*] http://www.dreamhost.com/
442[*] http://www.globalminorityreport.com/
443[*] http://www.moseshand.com/
444[*] http://www.whitechristianheritagefestival.org/
445[*] http://www.whiteheritagestore.net/
446cut: intervalle de champ incorrecte
447Saisissez « cut --help » pour plus d'informations.
448[INFO] Shodan detected the following opened ports on 69.163.233.4:
449[*] 21
450[*] 214
451[*] 22
452[*] 25
453[*] 443
454[*] 587
455[*] 8
456[*] 80
457[INFO] ------VirusTotal SECTION------
458[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
459[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
460[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
461[INFO] ------Alexa Rank SECTION------
462[INFO] Percent of Visitors Rank in Country:
463[INFO] Percent of Search Traffic:
464[INFO] Percent of Unique Visits:
465[INFO] Total Sites Linking In:
466[*] Total Sites
467[INFO] Useful links related to whitepridearchives.com - 69.163.233.4:
468[*] https://www.virustotal.com/pt/ip-address/69.163.233.4/information/
469[*] https://www.hybrid-analysis.com/search?host=69.163.233.4
470[*] https://www.shodan.io/host/69.163.233.4
471[*] https://www.senderbase.org/lookup/?search_string=69.163.233.4
472[*] https://www.alienvault.com/open-threat-exchange/ip/69.163.233.4
473[*] http://pastebin.com/search?q=69.163.233.4
474[*] http://urlquery.net/search.php?q=69.163.233.4
475[*] http://www.alexa.com/siteinfo/whitepridearchives.com
476[*] http://www.google.com/safebrowsing/diagnostic?site=whitepridearchives.com
477[*] https://censys.io/ipv4/69.163.233.4
478[*] https://www.abuseipdb.com/check/69.163.233.4
479[*] https://urlscan.io/search/#69.163.233.4
480[*] https://github.com/search?q=69.163.233.4&type=Code
481[INFO] Useful links related to AS26347 - 69.163.224.0/20:
482[*] http://www.google.com/safebrowsing/diagnostic?site=AS:26347
483[*] https://www.senderbase.org/lookup/?search_string=69.163.224.0/20
484[*] http://bgp.he.net/AS26347
485[*] https://stat.ripe.net/AS26347
486[INFO] Date: 16/02/20 | Time: 02:03:16
487[INFO] Total time: 1 minute(s) and 21 second(s)
488#################################################################################################################################
489Trying "whitepridearchives.com"
490;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25569
491;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
492
493;; QUESTION SECTION:
494;whitepridearchives.com. IN ANY
495
496;; ANSWER SECTION:
497whitepridearchives.com. 14400 IN SOA ns1.dreamhost.com. hostmaster.dreamhost.com. 2016022700 15144 1800 1814400 14400
498whitepridearchives.com. 14229 IN A 69.163.233.4
499whitepridearchives.com. 14400 IN NS ns2.dreamhost.com.
500whitepridearchives.com. 14400 IN NS ns1.dreamhost.com.
501whitepridearchives.com. 14400 IN NS ns3.dreamhost.com
502
503;; ADDITIONAL SECTION:
504ns3.dreamhost.com. 18863 IN A 66.33.205.230
505ns2.dreamhost.com. 18863 IN A 208.97.182.10
506ns1.dreamhost.com. 35559 IN A 64.90.62.230
507
508Received 215 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 41 ms
509##################################################################################################################################
510; <<>> DiG 9.11.14-3-Debian <<>> +trace whitepridearchives.com any
511;; global options: +cmd
512. 42730 IN NS b.root-servers.net.
513. 42730 IN NS j.root-servers.net.
514. 42730 IN NS i.root-servers.net.
515. 42730 IN NS k.root-servers.net.
516. 42730 IN NS l.root-servers.net.
517. 42730 IN NS d.root-servers.net.
518. 42730 IN NS a.root-servers.net.
519. 42730 IN NS g.root-servers.net.
520. 42730 IN NS c.root-servers.net.
521. 42730 IN NS m.root-servers.net.
522. 42730 IN NS e.root-servers.net.
523. 42730 IN NS f.root-servers.net.
524. 42730 IN NS h.root-servers.net.
526;; Received 525 bytes from 10.101.0.243#53(10.101.0.243) in 198 ms
527
528com. 172800 IN NS f.gtld-servers.net.
529com. 172800 IN NS a.gtld-servers.net.
530com. 172800 IN NS g.gtld-servers.net.
531com. 172800 IN NS c.gtld-servers.net.
532com. 172800 IN NS m.gtld-servers.net.
533com. 172800 IN NS d.gtld-servers.net.
534com. 172800 IN NS l.gtld-servers.net.
535com. 172800 IN NS i.gtld-servers.net.
536com. 172800 IN NS k.gtld-servers.net.
537com. 172800 IN NS b.gtld-servers.net.
538com. 172800 IN NS j.gtld-servers.net.
539com. 172800 IN NS h.gtld-servers.net.
540com. 172800 IN NS e.gtld-servers.net.
541com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
543;; Received 1210 bytes from 192.112.36.4#53(g.root-servers.net) in 171 ms
544
545whitepridearchives.com. 172800 IN NS ns1.dreamhost.com.
546whitepridearchives.com. 172800 IN NS ns2.dreamhost.com.
547whitepridearchives.com. 172800 IN NS ns3.dreamhost.com.
552;; Received 712 bytes from 192.42.93.30#53(g.gtld-servers.net) in 167 ms
553
554whitepridearchives.com. 14400 IN A 69.163.233.4
555whitepridearchives.com. 14400 IN NS ns1.dreamhost.com.
556whitepridearchives.com. 14400 IN NS ns2.dreamhost.com.
557whitepridearchives.com. 14400 IN NS ns3.dreamhost.com.
558whitepridearchives.com. 14400 IN SOA ns1.dreamhost.com. hostmaster.dreamhost.com. 2016022700 15144 1800 1814400 14400
559;; Received 226 bytes from 64.90.62.230#53(ns1.dreamhost.com) in 641 ms
560
561##################################################################################################################################
562 AVAILABLE PLUGINS
563 -----------------
564
565 HttpHeadersPlugin
566 CompressionPlugin
567 EarlyDataPlugin
568 HeartbleedPlugin
569 RobotPlugin
570 OpenSslCipherSuitesPlugin
571 OpenSslCcsInjectionPlugin
572 SessionResumptionPlugin
573 SessionRenegotiationPlugin
574 CertificateInfoPlugin
575 FallbackScsvPlugin
576
577
578
579 CHECKING HOST(S) AVAILABILITY
580 -----------------------------
581
582 69.163.233.4:443 => 69.163.233.4
583
584
585
586
587 SCAN RESULTS FOR 69.163.233.4:443 - 69.163.233.4
588 ------------------------------------------------
589
590 * Downgrade Attacks:
591 TLS_FALLBACK_SCSV: OK - Supported
592
593 * SSLV2 Cipher Suites:
594 Server rejected all cipher suites.
595
596 * TLSV1_3 Cipher Suites:
597 Server rejected all cipher suites.
598
599 * Certificate Information:
600 Content
601 SHA1 Fingerprint: 8b96693327a26e1e520f894476c5e7a6de0c16f4
602 Common Name: sni.dreamhost.com
603 Issuer: sni.dreamhost.com
604 Serial Number: 50159747054
605 Not Before: 2015-08-11 18:24:23
606 Not After: 2025-08-08 18:24:23
607 Signature Algorithm: sha256
608 Public Key Algorithm: RSA
609 Key Size: 2048
610 Exponent: 65537 (0x10001)
611 DNS Subject Alternative Names: []
612
613 Trust
614 Hostname Validation: FAILED - Certificate does NOT match 69.163.233.4
615 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
616 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
617 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
618 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate
619 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
620 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
621 Received Chain: sni.dreamhost.com
622 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
623 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
624 Received Chain Order: OK - Order is valid
625 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
626
627 Extensions
628 OCSP Must-Staple: NOT SUPPORTED - Extension not found
629 Certificate Transparency: NOT SUPPORTED - Extension not found
630
631 OCSP Stapling
632 NOT SUPPORTED - Server did not send back an OCSP response
633
634 * OpenSSL Heartbleed:
635 OK - Not vulnerable to Heartbleed
636
637 * OpenSSL CCS Injection:
638 OK - Not vulnerable to OpenSSL CCS injection
639
640 * TLSV1 Cipher Suites:
641 Server rejected all cipher suites.
642
643 * TLSV1_1 Cipher Suites:
644 Forward Secrecy OK - Supported
645 RC4 OK - Not Supported
646
647 Preferred:
648 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
649 Accepted:
650 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
651 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
652 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
653 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
654 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
655 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
656 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
657 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
658 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
659 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
660
661 * TLS 1.2 Session Resumption Support:
662 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
663 With TLS Tickets: OK - Supported
664
665 * Deflate Compression:
666 OK - Compression disabled
667
668 * TLSV1_2 Cipher Suites:
669 Forward Secrecy OK - Supported
670 RC4 OK - Not Supported
671
672 Preferred:
673 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
674 Accepted:
675 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
676 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
677 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
678 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
679 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
680 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
681 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
682 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
683 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
684 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
685 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
686 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
687 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
688 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
689 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
690 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
691 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
692 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
693 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
694 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
695 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
696 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
697
698 * Session Renegotiation:
699 Client-initiated Renegotiation: OK - Rejected
700 Secure Renegotiation: OK - Supported
701
702 * SSLV3 Cipher Suites:
703 Server rejected all cipher suites.
704
705 * ROBOT Attack:
706 OK - Not vulnerable
707
708
709 SCAN COMPLETED IN 39.38 S
710 -------------------------
711#################################################################################################################################
712
713Domains still to check: 1
714 Checking if the hostname whitepridearchives.com. given is in fact a domain...
715
716Analyzing domain: whitepridearchives.com.
717 Checking NameServers using system default resolver...
718 IP: 208.97.182.10 (United States)
719 HostName: ns2.dreamhost.com Type: NS
720 HostName: ns2.dreamhost.com Type: PTR
721 IP: 66.33.205.230 (United States)
722 HostName: ns3.dreamhost.com Type: NS
723 HostName: ns3.dreamhost.com Type: PTR
724 IP: 64.90.62.230 (United States)
725 HostName: ns1.dreamhost.com Type: NS
726 HostName: ns1.dreamhost.com Type: PTR
727
728 Checking MailServers using system default resolver...
729 WARNING!! There are no MX records for this domain
730
731 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
732 No zone transfer found on nameserver 66.33.205.230
733 No zone transfer found on nameserver 64.90.62.230
734 No zone transfer found on nameserver 208.97.182.10
735
736 Checking SPF record...
737 No SPF record
738
739 Checking 192 most common hostnames using system default resolver...
740 IP: 69.163.233.4 (United States)
741 HostName: www.whitepridearchives.com. Type: A
742 IP: 69.163.233.4 (United States)
743 HostName: www.whitepridearchives.com. Type: A
744 HostName: ftp.whitepridearchives.com. Type: A
745 HostName: ps54052.dreamhostps.com Type: PTR
746 IP: 69.163.233.4 (United States)
747 HostName: www.whitepridearchives.com. Type: A
748 HostName: ftp.whitepridearchives.com. Type: A
749 HostName: ps54052.dreamhostps.com Type: PTR
750 HostName: ssh.whitepridearchives.com. Type: A
751
752 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
753 Checking netblock 66.33.205.0
754 Checking netblock 64.90.62.0
755 Checking netblock 208.97.182.0
756 Checking netblock 69.163.233.0
757
758 Searching for whitepridearchives.com. emails in Google
759
760 Checking 4 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
761 Host 66.33.205.230 is up (echo-reply ttl 41)
762 Host 64.90.62.230 is up (echo-reply ttl 42)
763 Host 208.97.182.10 is up (echo-reply ttl 48)
764 Host 69.163.233.4 is up (port-unreach ttl 42)
765
766 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
767 Scanning ip 66.33.205.230 (ns3.dreamhost.com (PTR)):
768 53/tcp open domain? syn-ack ttl 41
769 | fingerprint-strings:
770 | DNSVersionBindReqTCP:
771 | version
772 |_ bind
773 Scanning ip 64.90.62.230 (ns1.dreamhost.com (PTR)):
774 53/tcp open domain? syn-ack ttl 41
775 | fingerprint-strings:
776 | DNSVersionBindReqTCP:
777 | version
778 |_ bind
779 Scanning ip 208.97.182.10 (ns2.dreamhost.com (PTR)):
780 53/tcp open domain? syn-ack ttl 49
781 Device type: general purpose|media device|webcam|firewall|load balancer
782 Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Tiandy embedded (90%), Geovision embedded (85%), IPCop 2.X (85%), Kemp embedded (85%)
783 Scanning ip 69.163.233.4 (ssh.whitepridearchives.com.):
784 21/tcp open ftp syn-ack ttl 42 ProFTPD 1.2.10
785 22/tcp open ssh syn-ack ttl 42 OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
786 | ssh-hostkey:
787 | 2048 73:3e:fd:9f:b5:91:05:3a:59:de:53:9a:ad:5d:77:92 (RSA)
788 | 256 3d:3e:fb:92:af:0e:69:68:b0:71:18:77:49:c6:55:34 (ECDSA)
789 |_ 256 4f:b5:93:d8:09:7c:a8:0f:42:02:c4:43:23:92:78:a1 (ED25519)
790 25/tcp open smtp syn-ack ttl 42 Postfix smtpd
791 |_smtp-commands: ps54052.dreamhostps.com, PIPELINING, SIZE 40960000, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
792 80/tcp open http syn-ack ttl 41 Apache httpd
793 | http-methods:
794 |_ Supported Methods: POST OPTIONS GET HEAD
795 |_http-server-header: Apache
796 |_http-title: Site not found · DreamHost
797 443/tcp open ssl/http syn-ack ttl 42 Apache httpd
798 | http-methods:
799 |_ Supported Methods: GET HEAD POST OPTIONS
800 |_http-server-header: Apache
801 |_http-title: 400 Bad Request
802 | ssl-cert: Subject: commonName=sni.dreamhost.com/organizationName=DreamHost/stateOrProvinceName=California/countryName=US
803 | Issuer: commonName=sni.dreamhost.com/organizationName=DreamHost/stateOrProvinceName=California/countryName=US
804 | Public Key type: rsa
805 | Public Key bits: 2048
806 | Signature Algorithm: sha256WithRSAEncryption
807 | Not valid before: 2015-08-11T18:24:23
808 | Not valid after: 2025-08-08T18:24:23
809 | MD5: df80 e5e1 75da fd00 a477 23e0 e5d6 2cdd
810 |_SHA-1: 8b96 6933 27a2 6e1e 520f 8944 76c5 e7a6 de0c 16f4
811 |_ssl-date: TLS randomness does not represent time
812 587/tcp open smtp syn-ack ttl 41 Postfix smtpd
813 |_smtp-commands: ps54052.dreamhostps.com, PIPELINING, SIZE 40960000, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
814 OS Info: Service Info: Host: ps54052.dreamhostps.com; OS: Linux; CPE: cpe:/o:linux:linux_kernel
815 WebCrawling domain's web servers... up to 50 max links.
816
817 + URL to crawl: http://ssh.whitepridearchives.com.
818 + Date: 2020-02-16
819
820 + Crawling URL: http://ssh.whitepridearchives.com.:
821 + Links:
822 + Crawling http://ssh.whitepridearchives.com.
823 + Searching for directories...
824 - Found: http://ssh.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/
825 - Found: http://ssh.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/newpanel/
826 - Found: http://ssh.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/newpanel/css/
827 + Searching open folders...
828 - http://ssh.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/ (404 Not Found)
829 - http://ssh.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/newpanel/ (404 Not Found)
830 - http://ssh.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/newpanel/css/ (404 Not Found)
831
832
833 + URL to crawl: http://www.whitepridearchives.com.
834 + Date: 2020-02-16
835
836 + Crawling URL: http://www.whitepridearchives.com.:
837 + Links:
838 + Crawling http://www.whitepridearchives.com.
839 + Crawling http://www.whitepridearchives.com./whitepridearchives-headerfram.html
840 + Crawling http://www.whitepridearchives.com./whitepridearchives-menu.html
841 + Crawling http://www.whitepridearchives.com./LivePlaylist.html
842 + Crawling http://www.whitepridearchives.com./
843 + Crawling http://www.whitepridearchives.com./power-pulpid/IFRAME%20index.html
844 + Crawling http://www.whitepridearchives.com./This%20is%20the%20Klan/index.html
845 + Crawling http://www.whitepridearchives.com./whitepridearchives-ARCHIVED.html
846 + Crawling http://www.whitepridearchives.com./welcome-knights-party-video/welcome-knights-party-video.html
847 + Crawling http://www.whitepridearchives.com./LINK Mogulus baldwin2008.html
848 + Crawling http://www.whitepridearchives.com./LINK%20Mogulus%20Ron%20Paul%20Channel.html
849 + Crawling http://www.whitepridearchives.com./LINK%20Mogulus%20baldwin2008.html
850 + Crawling http://www.whitepridearchives.com./LINK%20STORMFRONT%20RADIO.html
851 + Crawling http://www.whitepridearchives.com./LINK%20gcnlive.html
852 + Crawling http://www.whitepridearchives.com./LINK%20Alex%20Jones%20.html
853 + Crawling http://www.whitepridearchives.com./GMRradio/index.html
854 + Crawling http://www.whitepridearchives.com./DynamicFeed.html
855 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Why%20the%20Knights/index.html
856 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/index.html
857 + Crawling http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/flash/2008-03-21-this-is-the-klan/index.html (404 Not Found)
858 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Lierature%20Distribution%20101/index.html
859 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Never%20Quit/index.html
860 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Standing%20Firm/index.html
861 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Right%20to%20be%20Proud/index.html
862 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Be%20a%20Hero/index.html
863 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/The%20Best%20is%20Yet%20to%20Come/index.html
864 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Loving%20You/index.html
865 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/The%20Curse/index.html
866 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Assurance%20of%20Victory/index.html
867 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Be%20Faithful/index.html
868 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Dont%20You%20Know%20Who%20You%20Are/index.html
869 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Christian%20Foundation%20of%20America/index.html
870 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Why%20Jesus%20Died%20-%20The%20Christion%20Reason/index.html
871 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Walls%20and%20Bridges/index.html
872 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Why%20Jesus%20Died%20-%20The%20Jewish%20Reason/index.html
873 + Crawling http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/flash/2008-03-07-this-is-the-klan/index.html (404 Not Found)
874 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Christianity%20Destroyed%20Through%20The%20Courts/index.html
875 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Founding%20Fathers%20vs%20Modern%20Views/index.html
876 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Gentile%20Confusion/index.html
877 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/God%20Our%20Father/index.html
878 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Power%20of%20Purpose/index.html
879 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Judgement%20Upon%20the%20Righteus%20PART%201/index.html
880 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Shining%20as%20a%20Light/index.html
881 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Judgement%20Upon%20the%20Righteus%20PART%202/index.html
882 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/There%20Aint%20No%20Baby%20In%20The%20Manger/index.html
883 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/To%20Those%20I%20Love%20My%20Family/index.html
884 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/True%20Believer/index.html
885 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/To%20Those%20I%20Love%20My%20Relatives/index.html
886 + Crawling http://www.whitepridearchives.com./This%20is%20the%20Klan/
887 + Crawling http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/2008-05-23-this-is-the-klan/index.html
888 + Searching for directories...
935 + Searching open folders...
936 - http://www.whitepridearchives.com./power-pulpid/ (No Open Folder)
937 - http://www.whitepridearchives.com./This%20is%20the%20Klan/ (No Open Folder)
938 - http://www.whitepridearchives.com./welcome-knights-party-video/
939 >>> Directory indexing at: http://www.whitepridearchives.com./welcome-knights-party-video/
940 - http://www.whitepridearchives.com./GMRradio/ (No Open Folder)
941 - http://www.whitepridearchives.com./power-pulpid/flash/ (No Open Folder)
942 - http://www.whitepridearchives.com./power-pulpid/flash/Why%20the%20Knights/ (No Open Folder)
943 - http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/ (No Open Folder)
944 - http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/ (404 Not Found)
945 - http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/flash/ (404 Not Found)
946 - http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/flash/2008-03-21-this-is-the-klan/ (404 Not Found)
947 - http://www.whitepridearchives.com./power-pulpid/flash/Lierature%20Distribution%20101/ (No Open Folder)
948 - http://www.whitepridearchives.com./power-pulpid/flash/Never%20Quit/ (No Open Folder)
949 - http://www.whitepridearchives.com./power-pulpid/flash/Standing%20Firm/ (No Open Folder)
950 - http://www.whitepridearchives.com./power-pulpid/flash/Right%20to%20be%20Proud/ (No Open Folder)
951 - http://www.whitepridearchives.com./power-pulpid/flash/Be%20a%20Hero/ (No Open Folder)
952 - http://www.whitepridearchives.com./power-pulpid/flash/The%20Best%20is%20Yet%20to%20Come/ (No Open Folder)
953 - http://www.whitepridearchives.com./power-pulpid/flash/Loving%20You/ (No Open Folder)
954 - http://www.whitepridearchives.com./power-pulpid/flash/The%20Curse/ (No Open Folder)
955 - http://www.whitepridearchives.com./power-pulpid/flash/Assurance%20of%20Victory/ (No Open Folder)
956 - http://www.whitepridearchives.com./power-pulpid/flash/Be%20Faithful/ (No Open Folder)
957 - http://www.whitepridearchives.com./power-pulpid/flash/Dont%20You%20Know%20Who%20You%20Are/ (No Open Folder)
958 - http://www.whitepridearchives.com./power-pulpid/flash/Christian%20Foundation%20of%20America/ (No Open Folder)
959 - http://www.whitepridearchives.com./power-pulpid/flash/Why%20Jesus%20Died%20-%20The%20Christion%20Reason/ (No Open Folder)
960 - http://www.whitepridearchives.com./power-pulpid/flash/Walls%20and%20Bridges/ (No Open Folder)
961 - http://www.whitepridearchives.com./power-pulpid/flash/Why%20Jesus%20Died%20-%20The%20Jewish%20Reason/ (No Open Folder)
962 - http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/flash/2008-03-07-this-is-the-klan/ (404 Not Found)
963 - http://www.whitepridearchives.com./power-pulpid/flash/Christianity%20Destroyed%20Through%20The%20Courts/ (No Open Folder)
964 - http://www.whitepridearchives.com./power-pulpid/flash/Founding%20Fathers%20vs%20Modern%20Views/ (No Open Folder)
965 - http://www.whitepridearchives.com./power-pulpid/flash/Gentile%20Confusion/ (No Open Folder)
966 - http://www.whitepridearchives.com./power-pulpid/flash/God%20Our%20Father/ (No Open Folder)
967 - http://www.whitepridearchives.com./power-pulpid/flash/Power%20of%20Purpose/ (No Open Folder)
968 - http://www.whitepridearchives.com./power-pulpid/flash/Judgement%20Upon%20the%20Righteus%20PART%201/ (No Open Folder)
969 - http://www.whitepridearchives.com./power-pulpid/flash/Shining%20as%20a%20Light/ (No Open Folder)
970 - http://www.whitepridearchives.com./power-pulpid/flash/Judgement%20Upon%20the%20Righteus%20PART%202/ (No Open Folder)
971 - http://www.whitepridearchives.com./power-pulpid/flash/There%20Aint%20No%20Baby%20In%20The%20Manger/ (No Open Folder)
972 - http://www.whitepridearchives.com./power-pulpid/flash/To%20Those%20I%20Love%20My%20Family/ (No Open Folder)
973 - http://www.whitepridearchives.com./power-pulpid/flash/True%20Believer/ (No Open Folder)
974 - http://www.whitepridearchives.com./power-pulpid/flash/To%20Those%20I%20Love%20My%20Relatives/ (No Open Folder)
975 - http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/
976 >>> Directory indexing at: http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/
977 - http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/2008-05-23-this-is-the-klan/ (No Open Folder)
978 - http://www.whitepridearchives.com./www.whitepridearchives.com/ (404 Not Found)
979 - http://www.whitepridearchives.com./images/
980 >>> Directory indexing at: http://www.whitepridearchives.com./images/
981 - http://www.whitepridearchives.com./playerProductInstall/
982 >>> Directory indexing at: http://www.whitepridearchives.com./playerProductInstall/
983 - http://www.whitepridearchives.com./Political%20Watchdog/ (No Open Folder)
984 - http://www.whitepridearchives.com./Faith_and_Freedom%20Conference%20Speeches%2004-06-08/
985 >>> Directory indexing at: http://www.whitepridearchives.com./Faith_and_Freedom%20Conference%20Speeches%2004-06-08/
986 - http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/Rudy%20Creek%20Part%202/
987 >>> Directory indexing at: http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/Rudy%20Creek%20Part%202/
988 + Crawling directories with indexing:
989 + Crawling http://www.whitepridearchives.com./welcome-knights-party-video/
990 + Crawling http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/
991 + Crawling http://www.whitepridearchives.com./images/
992 + Crawling http://www.whitepridearchives.com./playerProductInstall/
993 + Crawling http://www.whitepridearchives.com./Faith_and_Freedom%20Conference%20Speeches%2004-06-08/
994 + Crawling http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/Rudy%20Creek%20Part%202/
995 + Crawling directories with indexing finished
996 + Crawl finished successfully.
997----------------------------------------------------------------------
998Summary of http://http://www.whitepridearchives.com.
999----------------------------------------------------------------------
1000+ Links crawled:
1057 Total links crawled: 56
1058
1059+ Links to files found:
1144 Total links to files: 84
1145
1146+ Externals links found:
1183 Total external links: 36
1184
1185+ Email addresses found:
1186 Total email address found: 0
1187
1188+ Directories found:
1189 - http://www.whitepridearchives.com./Faith_and_Freedom%20Conference%20Speeches%2004-06-08/
1190 - http://www.whitepridearchives.com./GMRradio/ (No open folder)
1191 - http://www.whitepridearchives.com./Political%20Watchdog/ (No open folder)
1192 - http://www.whitepridearchives.com./This%20is%20the%20Klan/ (No open folder)
1193 - http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/
1194 - http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/2008-05-23-this-is-the-klan/ (No open folder)
1195 - http://www.whitepridearchives.com./images/
1196 - http://www.whitepridearchives.com./playerProductInstall/
1197 - http://www.whitepridearchives.com./power-pulpid/ (No open folder)
1198 - http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/ (404 Not Found)
1199 - http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/flash/ (404 Not Found)
1200 - http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/flash/2008-03-07-this-is-the-klan/ (404 Not Found)
1201 - http://www.whitepridearchives.com./power-pulpid/This%20is%20the%20Klan/flash/2008-03-21-this-is-the-klan/ (404 Not Found)
1202 - http://www.whitepridearchives.com./power-pulpid/flash/ (No open folder)
1203 - http://www.whitepridearchives.com./power-pulpid/flash/Assurance%20of%20Victory/ (No open folder)
1204 - http://www.whitepridearchives.com./power-pulpid/flash/Be%20Faithful/ (No open folder)
1205 - http://www.whitepridearchives.com./power-pulpid/flash/Be%20a%20Hero/ (No open folder)
1206 - http://www.whitepridearchives.com./power-pulpid/flash/Christian%20Foundation%20of%20America/ (No open folder)
1207 - http://www.whitepridearchives.com./power-pulpid/flash/Christianity%20Destroyed%20Through%20The%20Courts/ (No open folder)
1208 - http://www.whitepridearchives.com./power-pulpid/flash/Dont%20You%20Know%20Who%20You%20Are/ (No open folder)
1209 - http://www.whitepridearchives.com./power-pulpid/flash/Founding%20Fathers%20vs%20Modern%20Views/ (No open folder)
1210 - http://www.whitepridearchives.com./power-pulpid/flash/Gentile%20Confusion/ (No open folder)
1211 - http://www.whitepridearchives.com./power-pulpid/flash/God%20Our%20Father/ (No open folder)
1212 - http://www.whitepridearchives.com./power-pulpid/flash/Judgement%20Upon%20the%20Righteus%20PART%201/ (No open folder)
1213 - http://www.whitepridearchives.com./power-pulpid/flash/Judgement%20Upon%20the%20Righteus%20PART%202/ (No open folder)
1214 - http://www.whitepridearchives.com./power-pulpid/flash/Lierature%20Distribution%20101/ (No open folder)
1215 - http://www.whitepridearchives.com./power-pulpid/flash/Loving%20You/ (No open folder)
1216 - http://www.whitepridearchives.com./power-pulpid/flash/Never%20Quit/ (No open folder)
1217 - http://www.whitepridearchives.com./power-pulpid/flash/Power%20of%20Purpose/ (No open folder)
1218 - http://www.whitepridearchives.com./power-pulpid/flash/Right%20to%20be%20Proud/ (No open folder)
1219 - http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/ (No open folder)
1220 - http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/Rudy%20Creek%20Part%202/
1221 - http://www.whitepridearchives.com./power-pulpid/flash/Shining%20as%20a%20Light/ (No open folder)
1222 - http://www.whitepridearchives.com./power-pulpid/flash/Standing%20Firm/ (No open folder)
1223 - http://www.whitepridearchives.com./power-pulpid/flash/The%20Best%20is%20Yet%20to%20Come/ (No open folder)
1224 - http://www.whitepridearchives.com./power-pulpid/flash/The%20Curse/ (No open folder)
1225 - http://www.whitepridearchives.com./power-pulpid/flash/There%20Aint%20No%20Baby%20In%20The%20Manger/ (No open folder)
1226 - http://www.whitepridearchives.com./power-pulpid/flash/To%20Those%20I%20Love%20My%20Family/ (No open folder)
1227 - http://www.whitepridearchives.com./power-pulpid/flash/To%20Those%20I%20Love%20My%20Relatives/ (No open folder)
1228 - http://www.whitepridearchives.com./power-pulpid/flash/True%20Believer/ (No open folder)
1229 - http://www.whitepridearchives.com./power-pulpid/flash/Walls%20and%20Bridges/ (No open folder)
1230 - http://www.whitepridearchives.com./power-pulpid/flash/Why%20Jesus%20Died%20-%20The%20Christion%20Reason/ (No open folder)
1231 - http://www.whitepridearchives.com./power-pulpid/flash/Why%20Jesus%20Died%20-%20The%20Jewish%20Reason/ (No open folder)
1232 - http://www.whitepridearchives.com./power-pulpid/flash/Why%20the%20Knights/ (No open folder)
1233 - http://www.whitepridearchives.com./welcome-knights-party-video/
1234 - http://www.whitepridearchives.com./www.whitepridearchives.com/ (404 Not Found)
1235 Total directories: 46
1236
1237+ Directory indexing found:
1238 - http://www.whitepridearchives.com./Faith_and_Freedom%20Conference%20Speeches%2004-06-08/
1239 - http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/
1240 - http://www.whitepridearchives.com./images/
1241 - http://www.whitepridearchives.com./playerProductInstall/
1242 - http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/Rudy%20Creek%20Part%202/
1243 - http://www.whitepridearchives.com./welcome-knights-party-video/
1244 Total directories with indexing: 6
1245
1246----------------------------------------------------------------------
1247
1248
1249 + URL to crawl: http://ftp.whitepridearchives.com.
1250 + Date: 2020-02-16
1251
1252 + Crawling URL: http://ftp.whitepridearchives.com.:
1253 + Links:
1254 + Crawling http://ftp.whitepridearchives.com.
1255 + Searching for directories...
1256 - Found: http://ftp.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/
1257 - Found: http://ftp.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/newpanel/
1258 - Found: http://ftp.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/newpanel/css/
1259 + Searching open folders...
1260 - http://ftp.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/ (404 Not Found)
1261 - http://ftp.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/newpanel/ (404 Not Found)
1262 - http://ftp.whitepridearchives.com./d1a6zytsvzb7ig.cloudfront.net/newpanel/css/ (404 Not Found)
1263
1264
1265 + URL to crawl: https://ssh.whitepridearchives.com.
1266 + Date: 2020-02-16
1267
1268 + Crawling URL: https://ssh.whitepridearchives.com.:
1269 + Links:
1270 + Crawling https://ssh.whitepridearchives.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1271 + Searching for directories...
1272 + Searching open folders...
1273
1274
1275 + URL to crawl: https://www.whitepridearchives.com.
1276 + Date: 2020-02-16
1277
1278 + Crawling URL: https://www.whitepridearchives.com.:
1279 + Links:
1280 + Crawling https://www.whitepridearchives.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1281 + Searching for directories...
1282 + Searching open folders...
1283
1284
1285 + URL to crawl: https://ftp.whitepridearchives.com.
1286 + Date: 2020-02-16
1287
1288 + Crawling URL: https://ftp.whitepridearchives.com.:
1289 + Links:
1290 + Crawling https://ftp.whitepridearchives.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1291 + Searching for directories...
1292 + Searching open folders...
1293
1294--Finished--
1295Summary information for domain whitepridearchives.com.
1296-----------------------------------------
1297
1298 Domain Ips Information:
1299 IP: 66.33.205.230
1300 HostName: ns3.dreamhost.com Type: NS
1301 HostName: ns3.dreamhost.com Type: PTR
1302 Country: United States
1303 Is Active: True (echo-reply ttl 41)
1304 Port: 53/tcp open domain? syn-ack ttl 41
1305 Script Info: | fingerprint-strings:
1306 Script Info: | DNSVersionBindReqTCP:
1307 Script Info: | version
1308 Script Info: |_ bind
1309 IP: 64.90.62.230
1310 HostName: ns1.dreamhost.com Type: NS
1311 HostName: ns1.dreamhost.com Type: PTR
1312 Country: United States
1313 Is Active: True (echo-reply ttl 42)
1314 Port: 53/tcp open domain? syn-ack ttl 41
1315 Script Info: | fingerprint-strings:
1316 Script Info: | DNSVersionBindReqTCP:
1317 Script Info: | version
1318 Script Info: |_ bind
1319 IP: 208.97.182.10
1320 HostName: ns2.dreamhost.com Type: NS
1321 HostName: ns2.dreamhost.com Type: PTR
1322 Country: United States
1323 Is Active: True (echo-reply ttl 48)
1324 Port: 53/tcp open domain? syn-ack ttl 49
1325 Script Info: Device type: general purpose|media device|webcam|firewall|load balancer
1326 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Tiandy embedded (90%), Geovision embedded (85%), IPCop 2.X (85%), Kemp embedded (85%)
1327 IP: 69.163.233.4
1328 HostName: www.whitepridearchives.com. Type: A
1329 HostName: ftp.whitepridearchives.com. Type: A
1330 HostName: ps54052.dreamhostps.com Type: PTR
1331 HostName: ssh.whitepridearchives.com. Type: A
1332 Country: United States
1333 Is Active: True (port-unreach ttl 42)
1334 Port: 21/tcp open ftp syn-ack ttl 42 ProFTPD 1.2.10
1335 Port: 22/tcp open ssh syn-ack ttl 42 OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
1336 Script Info: | ssh-hostkey:
1337 Script Info: | 2048 73:3e:fd:9f:b5:91:05:3a:59:de:53:9a:ad:5d:77:92 (RSA)
1338 Script Info: | 256 3d:3e:fb:92:af:0e:69:68:b0:71:18:77:49:c6:55:34 (ECDSA)
1339 Script Info: |_ 256 4f:b5:93:d8:09:7c:a8:0f:42:02:c4:43:23:92:78:a1 (ED25519)
1340 Port: 25/tcp open smtp syn-ack ttl 42 Postfix smtpd
1341 Script Info: |_smtp-commands: ps54052.dreamhostps.com, PIPELINING, SIZE 40960000, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1342 Port: 80/tcp open http syn-ack ttl 41 Apache httpd
1343 Script Info: | http-methods:
1344 Script Info: |_ Supported Methods: POST OPTIONS GET HEAD
1345 Script Info: |_http-server-header: Apache
1346 Script Info: |_http-title: Site not found · DreamHost
1347 Port: 443/tcp open ssl/http syn-ack ttl 42 Apache httpd
1348 Script Info: | http-methods:
1349 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1350 Script Info: |_http-server-header: Apache
1351 Script Info: |_http-title: 400 Bad Request
1352 Script Info: | ssl-cert: Subject: commonName=sni.dreamhost.com/organizationName=DreamHost/stateOrProvinceName=California/countryName=US
1353 Script Info: | Issuer: commonName=sni.dreamhost.com/organizationName=DreamHost/stateOrProvinceName=California/countryName=US
1354 Script Info: | Public Key type: rsa
1355 Script Info: | Public Key bits: 2048
1356 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1357 Script Info: | Not valid before: 2015-08-11T18:24:23
1358 Script Info: | Not valid after: 2025-08-08T18:24:23
1359 Script Info: | MD5: df80 e5e1 75da fd00 a477 23e0 e5d6 2cdd
1360 Script Info: |_SHA-1: 8b96 6933 27a2 6e1e 520f 8944 76c5 e7a6 de0c 16f4
1361 Script Info: |_ssl-date: TLS randomness does not represent time
1362 Port: 587/tcp open smtp syn-ack ttl 41 Postfix smtpd
1363 Script Info: |_smtp-commands: ps54052.dreamhostps.com, PIPELINING, SIZE 40960000, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1364 Os Info: Host: ps54052.dreamhostps.com; OS: Linux; CPE: cpe:/o:linux:linux_kernel
1365 Open Folders: http://www.whitepridearchives.com./welcome-knights-party-video/
1366 Open Folders: http://www.whitepridearchives.com./This%20is%20the%20Klan/flash/
1367 Open Folders: http://www.whitepridearchives.com./images/
1368 Open Folders: http://www.whitepridearchives.com./playerProductInstall/
1369 Open Folders: http://www.whitepridearchives.com./Faith_and_Freedom%20Conference%20Speeches%2004-06-08/
1370 Open Folders: http://www.whitepridearchives.com./power-pulpid/flash/Rudy%20Creek/Rudy%20Creek%20Part%202/
1377
1378--------------End Summary --------------
1379-----------------------------------------
1380##################################################################################################################################
1381traceroute to whitepridearchives.com (69.163.233.4), 30 hops max, 60 byte packets
1382 1 _gateway (10.203.3.1) 130.589 ms 135.558 ms 135.560 ms
1383 2 * * *
1384 3 te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49) 135.895 ms 135.926 ms 135.976 ms
1385 4 be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249) 135.530 ms 135.738 ms 135.711 ms
1386 5 be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194) 141.094 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190) 140.862 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194) 141.019 ms
1387 6 be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105) 159.637 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1) 154.269 ms 158.996 ms
1388 7 be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205) 170.702 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209) 170.867 ms 171.042 ms
1389 8 be12488.ccr42.lon13.atlas.cogentco.com (130.117.51.41) 262.525 ms 263.444 ms 262.578 ms
1390 9 be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162) 268.329 ms be2099.ccr31.bos01.atlas.cogentco.com (154.54.82.34) 267.063 ms be2490.ccr42.jfk02.atlas.cogentco.com (154.54.42.85) 268.300 ms
1391 10 be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89) 268.234 ms be2890.ccr22.cle04.atlas.cogentco.com (154.54.82.245) 265.726 ms 262.563 ms
1392 11 be2878.ccr21.cle04.atlas.cogentco.com (154.54.26.129) 261.007 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225) 266.586 ms 269.042 ms
1393 12 be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 260.977 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 263.136 ms 267.650 ms
1394 13 be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89) 280.816 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165) 279.239 ms be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89) 284.905 ms
1395 14 be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89) 291.003 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89) 293.748 ms be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89) 290.520 ms
1396 15 be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145) 302.253 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97) 300.070 ms 295.736 ms
1397 16 be2085.ccr21.sea02.atlas.cogentco.com (154.54.2.197) 319.675 ms be2029.ccr22.sea02.atlas.cogentco.com (154.54.86.110) 315.589 ms be2085.ccr21.sea02.atlas.cogentco.com (154.54.2.197) 314.363 ms
1398 17 be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78) 323.732 ms 322.146 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158) 323.804 ms
1399 18 be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158) 324.291 ms 317.364 ms 321.174 ms
1400 19 38.142.108.114 (38.142.108.114) 315.398 ms 316.736 ms 315.560 ms
1401 20 pdx1-a5u27-acc.sd.dreamhost.com (66.33.200.37) 324.041 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2) 324.561 ms 327.126 ms
1402 21 ps54052.dreamhostps.com (69.163.233.4) 323.528 ms 328.209 ms 324.471 ms
1403##################################################################################################################################
1404----- whitepridearchives.com -----
1405
1406
1407Host's addresses:
1408__________________
1409
1410whitepridearchives.com. 14060 IN A 69.163.233.4
1411
1412
1413Name Servers:
1414______________
1415
1416ns2.dreamhost.com. 300 IN A 208.97.182.10
1417ns3.dreamhost.com. 300 IN A 66.33.205.230
1418ns1.dreamhost.com. 281 IN A 64.90.62.230
1419
1420
1421Mail (MX) Servers:
1422___________________
1423
1424
1425
1426Brute forcing with /usr/share/dnsenum/dns.txt:
1427_______________________________________________
1428
1429ftp.whitepridearchives.com. 14400 IN A 69.163.233.4
1430ssh.whitepridearchives.com. 14400 IN A 69.163.233.4
1431www.whitepridearchives.com. 14400 IN A 69.163.233.4
1432
1433
1434Launching Whois Queries:
1435_________________________
1436
1437 whois ip result: 69.163.233.0 -> 69.163.128.0/17
1438
1439
1440whitepridearchives.com______________________
1441
1442 69.163.128.0/17
1443
1444#################################################################################################################################
1445dnsenum VERSION:1.2.6
1446
1447----- whitepridearchives.com -----
1448
1449
1450Host's addresses:
1451__________________
1452
1453whitepridearchives.com. 14399 IN A 69.163.233.4
1454
1455
1456Name Servers:
1457______________
1458
1459ns1.dreamhost.com. 138 IN A 64.90.62.230
1460ns2.dreamhost.com. 300 IN A 208.97.182.10
1461ns3.dreamhost.com. 186 IN A 66.33.205.230
1462
1463
1464Mail (MX) Servers:
1465___________________
1466
1467
1468
1469Trying Zone Transfers and getting Bind Versions:
1470_________________________________________________
1471
1472
1473Trying Zone Transfer for whitepridearchives.com on ns1.dreamhost.com ...
1474
1475Trying Zone Transfer for whitepridearchives.com on ns2.dreamhost.com ...
1476
1477Trying Zone Transfer for whitepridearchives.com on ns3.dreamhost.com ...
1478
1479
1480Brute forcing with /usr/share/sniper/wordlists/vhosts.txt:
1481___________________________________________________________
1482
1483ftp.whitepridearchives.com. 14400 IN A 69.163.233.4
1484ssh.whitepridearchives.com. 14400 IN A 69.163.233.4
1485www.whitepridearchives.com. 14400 IN A 69.163.233.4
1486
1487
1488whitepridearchives.com class C netranges:
1489__________________________________________
1490
1491 69.163.233.0/24
1492
1493
1494whitepridearchives.com ip blocks:
1495__________________________________
1496
1497 69.163.233.4/32
1498
1499done.
1500##################################################################################################################################
1501Source:
1502whois.arin.net
1503IP Address:
1504 69.163.233.4
1505Name:
1506DREAMHOST-BLK9
1507Handle:
1508NET-69-163-128-0-1
1509Registration Date:
1510 3/27/09
1511Range:
1512 69.163.128.0-69.163.255.255
1513Org:
1514New Dream Network, LLC
1515Org Handle:
1516NDN
1517Address:
1518 417 Associated Rd.
1519City:
1520Brea
1521State/Province:
1522CA
1523Postal Code:
1524 92821
1525Country:
1526United States
1527Name Servers:
1528##################################################################################################################################
1529Virustotal: www.whitepridearchives.com
1530DNSdumpster: www.whitepridearchives.com
1531Yahoo: www.whitepridearchives.com
1532[-] Saving results to file: /usr/share/sniper/loot/workspace/whitepridearchives.com/domains/domains-whitepridearchives.com.txt
1533[-] Total Unique Subdomains Found: 1
1534www.whitepridearchives.com
1535#################################################################################################################################
1536[*] Processing domain whitepridearchives.com
1537[*] Using system resolvers ['10.101.0.243', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
1538[+] Getting nameservers
1539 208.97.182.10 - ns2.dreamhost.com
1540 66.33.205.230 - ns3.dreamhost.com
1541 64.90.62.230 - ns1.dreamhost.com
1542[-] Zone transfer failed
1543
1544[*] Scanning whitepridearchives.com for A records
1545 69.163.233.4 - whitepridearchives.com
1546 69.163.233.4 - ftp.whitepridearchives.com
1547 69.163.233.4 - ssh.whitepridearchives.com
1548 69.163.233.4 - www.whitepridearchives.com
1549##################################################################################################################################
1550www.whitepridearchives.com
1551www.whitepridearchives.com
1552domain
1553ftp.whitepridearchives.com
1554ssh.whitepridearchives.com
1555whitepridearchives.com
1556www.whitepridearchives.com
1557#################################################################################################################################
1558[+] whitepridearchives.com has no SPF record!
1559[*] No DMARC record found. Looking for organizational record
1560[+] No organizational DMARC record
1561[+] Spoofing possible for whitepridearchives.com!
1562#################################################################################################################################
1563WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1564Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:16 EST
1565Nmap scan report for whitepridearchives.com (69.163.233.4)
1566Host is up (0.33s latency).
1567rDNS record for 69.163.233.4: ps54052.dreamhostps.com
1568Not shown: 486 closed ports, 4 filtered ports
1569Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1570PORT STATE SERVICE
1571 21/tcp open ftp
1572 22/tcp open ssh
1573 25/tcp open smtp
1574 80/tcp open http
1575 443/tcp open https
1576 587/tcp open submission
1577
1578Nmap done: 1 IP address (1 host up) scanned in 3.94 seconds
1579##################################################################################################################################
1580Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:16 EST
1581NSE: Loaded 54 scripts for scanning.
1582NSE: Script Pre-scanning.
1583Initiating NSE at 02:16
1584Completed NSE at 02:16, 0.00s elapsed
1585Initiating NSE at 02:16
1586Completed NSE at 02:16, 0.00s elapsed
1587Initiating Parallel DNS resolution of 1 host. at 02:16
1588Completed Parallel DNS resolution of 1 host. at 02:16, 0.02s elapsed
1589Initiating SYN Stealth Scan at 02:16
1590Scanning whitepridearchives.com (69.163.233.4) [1 port]
1591Discovered open port 21/tcp on 69.163.233.4
1592Completed SYN Stealth Scan at 02:16, 0.36s elapsed (1 total ports)
1593Initiating Service scan at 02:16
1594Scanning 1 service on whitepridearchives.com (69.163.233.4)
1595Completed Service scan at 02:16, 11.96s elapsed (1 service on 1 host)
1596Initiating OS detection (try #1) against whitepridearchives.com (69.163.233.4)
1597Retrying OS detection (try #2) against whitepridearchives.com (69.163.233.4)
1598Initiating Traceroute at 02:16
1599Completed Traceroute at 02:16, 3.33s elapsed
1600Initiating Parallel DNS resolution of 18 hosts. at 02:16
1601Completed Parallel DNS resolution of 18 hosts. at 02:16, 2.54s elapsed
1602NSE: Script scanning 69.163.233.4.
1603Initiating NSE at 02:16
1604NSE Timing: About 70.83% done; ETC: 02:18 (0:00:30 remaining)
1605Completed NSE at 02:18, 90.83s elapsed
1606Initiating NSE at 02:18
1607Completed NSE at 02:18, 0.05s elapsed
1608Nmap scan report for whitepridearchives.com (69.163.233.4)
1609Host is up (0.32s latency).
1610rDNS record for 69.163.233.4: ps54052.dreamhostps.com
1611
1612PORT STATE SERVICE VERSION
1613 21/tcp open ftp ProFTPD 1.2.10
1614| vulners:
1615| cpe:/a:proftpd:proftpd:1.2.10:
1616| CVE-2011-4130 9.0 https://vulners.com/cve/CVE-2011-4130
1617| CVE-2010-3867 7.1 https://vulners.com/cve/CVE-2010-3867
1618| CVE-2010-4652 6.8 https://vulners.com/cve/CVE-2010-4652
1619| CVE-2019-19272 5.0 https://vulners.com/cve/CVE-2019-19272
1620| CVE-2019-19271 5.0 https://vulners.com/cve/CVE-2019-19271
1621| CVE-2011-1137 5.0 https://vulners.com/cve/CVE-2011-1137
1622| CVE-2008-7265 4.0 https://vulners.com/cve/CVE-2008-7265
1623|_ CVE-2012-6095 1.2 https://vulners.com/cve/CVE-2012-6095
1624Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1625Device type: general purpose|media device|firewall|broadband router|security-misc
1626Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (99%), Tiandy embedded (98%), IPCop 2.X|1.X (97%), D-Link embedded (96%), Draytek embedded (96%)
1627OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:4.9 cpe:/o:ipcop:ipcop:2.0 cpe:/h:dlink:dsl-2890al cpe:/h:draytek:vigor_2960 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:ipcop:ipcop:1.9.19
1628Aggressive OS guesses: Linux 3.18 (99%), Linux 2.6.32 (98%), Linux 3.2 (98%), Tiandy NVR (98%), Linux 4.9 (98%), IPCop 2.0 (Linux 2.6.32) (97%), D-Link DSL-2890AL ADSL router (96%), Draytek Vigor 2960 VPN firewall (96%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (96%), IPCop 1.9.19 or IPFire 2.9 firewall (Linux 2.6.32) (96%)
1629No exact OS matches for host (test conditions non-ideal).
1630Network Distance: 22 hops
1631TCP Sequence Prediction: Difficulty=264 (Good luck!)
1632IP ID Sequence Generation: All zeros
1633
1634TRACEROUTE (using port 21/tcp)
1635HOP RTT ADDRESS
1636 1 131.30 ms 10.203.3.1
1637 2 ...
1638 3 135.33 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
1639 4 131.38 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
1640 5 139.79 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
1641 6 155.59 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
1642 7 167.84 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)
1643 8 268.60 ms be2182.ccr21.lpl01.atlas.cogentco.com (154.54.77.246)
1644 9 260.35 ms be2099.ccr31.bos01.atlas.cogentco.com (154.54.82.34)
1645 10 257.93 ms be3600.ccr22.alb02.atlas.cogentco.com (154.54.0.221)
1646 11 262.89 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
1647 12 260.09 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
1648 13 289.44 ms be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89)
1649 14 297.05 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
1650 15 294.46 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
1651 16 323.71 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78)
1652 17 320.92 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78)
1653 18 322.32 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
1654 19 322.92 ms 38.142.108.114
1655 20 321.96 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2)
1656 21 322.79 ms pdx1-a5u27-acc.sd.dreamhost.com (66.33.200.37)
1657 22 318.07 ms ps54052.dreamhostps.com (69.163.233.4)
1658
1659NSE: Script Post-scanning.
1660Initiating NSE at 02:18
1661Completed NSE at 02:18, 0.00s elapsed
1662Initiating NSE at 02:18
1663Completed NSE at 02:18, 0.00s elapsed
1664##################################################################################################################################
1665# general
1666(gen) banner: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
1667(gen) software: OpenSSH 6.6.1p1
1668(gen) compatibility: OpenSSH 6.5-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
1669(gen) compression: enabled (zlib@openssh.com)
1670
1671# key exchange algorithms
1672(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
1673(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
1674 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1675(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
1676 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1677(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
1678 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1679(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
1680 `- [info] available since OpenSSH 4.4
1681(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1682 `- [warn] using weak hashing algorithm
1683 `- [info] available since OpenSSH 2.3.0
1684(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
1685 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
1686(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1687 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
1688 `- [warn] using small 1024-bit modulus
1689 `- [warn] using weak hashing algorithm
1690 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1691
1692# host-key algorithms
1693(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
1694(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
1695 `- [warn] using weak random number generator could reveal the key
1696 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1697(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
1698
1699# encryption algorithms (ciphers)
1700(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1701(enc) aes192-ctr -- [info] available since OpenSSH 3.7
1702(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1703(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1704 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1705 `- [warn] using weak cipher
1706 `- [info] available since OpenSSH 4.2
1707(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1708 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1709 `- [warn] using weak cipher
1710 `- [info] available since OpenSSH 4.2
1711(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
1712(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
1713(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
1714 `- [info] default cipher since OpenSSH 6.9.
1715(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1716 `- [warn] using weak cipher mode
1717 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1718(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1719 `- [warn] using weak cipher
1720 `- [warn] using weak cipher mode
1721 `- [warn] using small 64-bit block size
1722 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1723(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1724 `- [fail] disabled since Dropbear SSH 0.53
1725 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1726 `- [warn] using weak cipher mode
1727 `- [warn] using small 64-bit block size
1728 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1729(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1730 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1731 `- [warn] using weak cipher mode
1732 `- [warn] using small 64-bit block size
1733 `- [info] available since OpenSSH 2.1.0
1734(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1735 `- [warn] using weak cipher mode
1736 `- [info] available since OpenSSH 2.3.0
1737(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1738 `- [warn] using weak cipher mode
1739 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
1740(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1741 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1742 `- [warn] using weak cipher
1743 `- [info] available since OpenSSH 2.1.0
1744(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1745 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1746 `- [warn] using weak cipher mode
1747 `- [info] available since OpenSSH 2.3.0
1748
1749# message authentication code algorithms
1750(mac) hmac-md5-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1751 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1752 `- [warn] using weak hashing algorithm
1753 `- [info] available since OpenSSH 6.2
1754(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
1755 `- [info] available since OpenSSH 6.2
1756(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
1757 `- [info] available since OpenSSH 6.2
1758(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
1759(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
1760(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
1761(mac) hmac-ripemd160-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1762 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1763 `- [info] available since OpenSSH 6.2
1764(mac) hmac-sha1-96-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1765 `- [warn] using weak hashing algorithm
1766 `- [info] available since OpenSSH 6.2
1767(mac) hmac-md5-96-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1768 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1769 `- [warn] using weak hashing algorithm
1770 `- [info] available since OpenSSH 6.2
1771(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1772 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1773 `- [warn] using encrypt-and-MAC mode
1774 `- [warn] using weak hashing algorithm
1775 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1776(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
1777 `- [warn] using weak hashing algorithm
1778 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1779(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
1780 `- [warn] using small 64-bit tag size
1781 `- [info] available since OpenSSH 4.7
1782(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
1783 `- [info] available since OpenSSH 6.2
1784(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
1785 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1786(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
1787 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1788(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1789 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1790 `- [warn] using encrypt-and-MAC mode
1791 `- [info] available since OpenSSH 2.5.0
1792(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1793 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1794 `- [warn] using encrypt-and-MAC mode
1795 `- [info] available since OpenSSH 2.1.0
1796(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1797 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1798 `- [warn] using encrypt-and-MAC mode
1799 `- [warn] using weak hashing algorithm
1800 `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
1801(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1802 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1803 `- [warn] using encrypt-and-MAC mode
1804 `- [warn] using weak hashing algorithm
1805 `- [info] available since OpenSSH 2.5.0
1806
1807# algorithm recommendations (for OpenSSH 6.6.1)
1808(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
1809(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
1810(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
1811(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
1812(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
1813(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
1814(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
1815(rec) -arcfour -- enc algorithm to remove
1816(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
1817(rec) -blowfish-cbc -- enc algorithm to remove
1818(rec) -3des-cbc -- enc algorithm to remove
1819(rec) -aes256-cbc -- enc algorithm to remove
1820(rec) -arcfour256 -- enc algorithm to remove
1821(rec) -cast128-cbc -- enc algorithm to remove
1822(rec) -aes192-cbc -- enc algorithm to remove
1823(rec) -arcfour128 -- enc algorithm to remove
1824(rec) -aes128-cbc -- enc algorithm to remove
1825(rec) -hmac-sha2-512 -- mac algorithm to remove
1826(rec) -hmac-md5-96 -- mac algorithm to remove
1827(rec) -hmac-md5-etm@openssh.com -- mac algorithm to remove
1828(rec) -hmac-sha1-96-etm@openssh.com -- mac algorithm to remove
1829(rec) -hmac-ripemd160-etm@openssh.com -- mac algorithm to remove
1830(rec) -hmac-md5-96-etm@openssh.com -- mac algorithm to remove
1831(rec) -hmac-sha2-256 -- mac algorithm to remove
1832(rec) -hmac-ripemd160 -- mac algorithm to remove
1833(rec) -umac-128@openssh.com -- mac algorithm to remove
1834(rec) -hmac-sha1-96 -- mac algorithm to remove
1835(rec) -umac-64@openssh.com -- mac algorithm to remove
1836(rec) -hmac-md5 -- mac algorithm to remove
1837(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
1838(rec) -hmac-sha1 -- mac algorithm to remove
1839(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
1840(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
1841###################################################################################################################################
1842Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:19 EST
1843NSE: Loaded 51 scripts for scanning.
1844NSE: Script Pre-scanning.
1845Initiating NSE at 02:19
1846Completed NSE at 02:19, 0.00s elapsed
1847Initiating NSE at 02:19
1848Completed NSE at 02:19, 0.00s elapsed
1849Initiating Parallel DNS resolution of 1 host. at 02:19
1850Completed Parallel DNS resolution of 1 host. at 02:19, 0.02s elapsed
1851Initiating SYN Stealth Scan at 02:19
1852Scanning whitepridearchives.com (69.163.233.4) [1 port]
1853Discovered open port 22/tcp on 69.163.233.4
1854Completed SYN Stealth Scan at 02:19, 0.35s elapsed (1 total ports)
1855Initiating Service scan at 02:19
1856Scanning 1 service on whitepridearchives.com (69.163.233.4)
1857Completed Service scan at 02:19, 0.64s elapsed (1 service on 1 host)
1858Initiating OS detection (try #1) against whitepridearchives.com (69.163.233.4)
1859Retrying OS detection (try #2) against whitepridearchives.com (69.163.233.4)
1860Initiating Traceroute at 02:19
1861Completed Traceroute at 02:19, 3.48s elapsed
1862Initiating Parallel DNS resolution of 18 hosts. at 02:19
1863Completed Parallel DNS resolution of 18 hosts. at 02:19, 8.57s elapsed
1864NSE: Script scanning 69.163.233.4.
1865Initiating NSE at 02:19
1926Completed NSE at 02:20, 90.27s elapsed
1927Initiating NSE at 02:20
1928Completed NSE at 02:20, 0.05s elapsed
1929Nmap scan report for whitepridearchives.com (69.163.233.4)
1930Host is up (0.32s latency).
1931rDNS record for 69.163.233.4: ps54052.dreamhostps.com
1932
1933PORT STATE SERVICE VERSION
193422/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
1935|_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)
1936| ssh-hostkey:
1937| 256 3d:3e:fb:92:af:0e:69:68:b0:71:18:77:49:c6:55:34 (ECDSA)
1938| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMfpzJSRXVYFX1o9BP5UiK4qsskLr6sKWaodWlgVSxP4vPagpIotcX5HTgA7PhXyFRE4yaLrQ+QF/36k5IXTZfs=
1939| 256 4f:b5:93:d8:09:7c:a8:0f:42:02:c4:43:23:92:78:a1 (ED25519)
1940|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIN9nWpEsFOWLrqXPDUOzdU8Xt2ZotriL2qe99WIklZz
1941|_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
1942|_ssh-run: ERROR: Script execution failed (use -d to debug)
1943Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1944Device type: general purpose|firewall|media device|broadband router|security-misc
1945Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (99%), IPCop 2.X|1.X (98%), Tiandy embedded (98%), D-Link embedded (96%), Draytek embedded (96%)
1946OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:ipcop:ipcop:2.0 cpe:/h:dlink:dsl-2890al cpe:/h:draytek:vigor_2960 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:ipcop:ipcop:1.9.19
1947Aggressive OS guesses: Linux 4.9 (99%), Linux 3.18 (99%), IPCop 2.0 (Linux 2.6.32) (98%), Linux 2.6.32 (98%), Linux 3.2 (98%), Tiandy NVR (98%), D-Link DSL-2890AL ADSL router (96%), Draytek Vigor 2960 VPN firewall (96%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (96%), IPCop 1.9.19 or IPFire 2.9 firewall (Linux 2.6.32) (96%)
1948No exact OS matches for host (test conditions non-ideal).
1949Network Distance: 22 hops
1950TCP Sequence Prediction: Difficulty=260 (Good luck!)
1951IP ID Sequence Generation: All zeros
1952Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1953
1954TRACEROUTE (using port 22/tcp)
1955HOP RTT ADDRESS
19561 129.85 ms 10.203.3.1
19572 ...
19583 130.56 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
19594 129.89 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
19605 135.96 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
19616 152.69 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
19627 165.10 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)
19638 256.97 ms be12194.ccr41.lon13.atlas.cogentco.com (154.54.56.93)
19649 265.87 ms be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162)
196510 258.11 ms be3599.ccr21.alb02.atlas.cogentco.com (66.28.4.237)
196611 262.18 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
196712 260.88 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
196813 277.94 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
196914 300.68 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
197015 321.90 ms 154.54.89.101
197116 319.73 ms 154.54.89.101
197217 329.12 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
197318 326.95 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
197419 315.33 ms 38.142.108.114
197520 320.56 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2)
197621 ...
197722 322.05 ms ps54052.dreamhostps.com (69.163.233.4)
1978
1979NSE: Script Post-scanning.
1980Initiating NSE at 02:20
1981Completed NSE at 02:20, 0.00s elapsed
1982Initiating NSE at 02:20
1983Completed NSE at 02:20, 0.00s elapsed
1984Read data files from: /usr/bin/../share/nmap
1985OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1986Nmap done: 1 IP address (1 host up) scanned in 110.90 seconds
1987 Raw packets sent: 103 (6.632KB) | Rcvd: 259 (49.148KB)
1988#################################################################################################################################
1989USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
1990RHOSTS => whitepridearchives.com
1991RHOST => whitepridearchives.com
1992[*] 69.163.233.4:22 - SSH - Using malformed packet technique
1993[*] 69.163.233.4:22 - SSH - Starting scan
1994[+] 69.163.233.4:22 - SSH - User 'admin' found
1995[+] 69.163.233.4:22 - SSH - User 'administrator' found
1996[+] 69.163.233.4:22 - SSH - User 'anonymous' found
1997[+] 69.163.233.4:22 - SSH - User 'backup' found
1998[+] 69.163.233.4:22 - SSH - User 'bee' found
1999[+] 69.163.233.4:22 - SSH - User 'ftp' found
2000[+] 69.163.233.4:22 - SSH - User 'guest' found
2001[+] 69.163.233.4:22 - SSH - User 'GUEST' found
2002[+] 69.163.233.4:22 - SSH - User 'info' found
2003[+] 69.163.233.4:22 - SSH - User 'mail' found
2004[+] 69.163.233.4:22 - SSH - User 'mailadmin' found
2005[+] 69.163.233.4:22 - SSH - User 'msfadmin' found
2006[+] 69.163.233.4:22 - SSH - User 'mysql' found
2007[+] 69.163.233.4:22 - SSH - User 'nobody' found
2008[+] 69.163.233.4:22 - SSH - User 'oracle' found
2009[+] 69.163.233.4:22 - SSH - User 'owaspbwa' found
2010[+] 69.163.233.4:22 - SSH - User 'postfix' found
2011[+] 69.163.233.4:22 - SSH - User 'postgres' found
2012[+] 69.163.233.4:22 - SSH - User 'private' found
2013[+] 69.163.233.4:22 - SSH - User 'proftpd' found
2014[+] 69.163.233.4:22 - SSH - User 'public' found
2015[+] 69.163.233.4:22 - SSH - User 'root' found
2016[+] 69.163.233.4:22 - SSH - User 'superadmin' found
2017[+] 69.163.233.4:22 - SSH - User 'support' found
2018[+] 69.163.233.4:22 - SSH - User 'sys' found
2019[+] 69.163.233.4:22 - SSH - User 'system' found
2020[+] 69.163.233.4:22 - SSH - User 'systemadmin' found
2021[+] 69.163.233.4:22 - SSH - User 'systemadministrator' found
2022[+] 69.163.233.4:22 - SSH - User 'test' found
2023[+] 69.163.233.4:22 - SSH - User 'tomcat' found
2024[+] 69.163.233.4:22 - SSH - User 'user' found
2025[+] 69.163.233.4:22 - SSH - User 'webmaster' found
2026[+] 69.163.233.4:22 - SSH - User 'www-data' found
2027[+] 69.163.233.4:22 - SSH - User 'Fortimanager_Access' found
2028[*] Scanned 1 of 1 hosts (100% complete)
2029[*] Auxiliary module execution completed
2030##################################################################################################################################
2031Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:22 EST
2032NSE: Loaded 55 scripts for scanning.
2033NSE: Script Pre-scanning.
2034Initiating NSE at 02:22
2035Completed NSE at 02:22, 0.00s elapsed
2036Initiating NSE at 02:22
2037Completed NSE at 02:22, 0.00s elapsed
2038Initiating Parallel DNS resolution of 1 host. at 02:22
2039Completed Parallel DNS resolution of 1 host. at 02:22, 0.02s elapsed
2040Initiating SYN Stealth Scan at 02:22
2041Scanning whitepridearchives.com (69.163.233.4) [1 port]
2042Discovered open port 25/tcp on 69.163.233.4
2043Completed SYN Stealth Scan at 02:22, 0.36s elapsed (1 total ports)
2044Initiating Service scan at 02:22
2045Scanning 1 service on whitepridearchives.com (69.163.233.4)
2046Completed Service scan at 02:22, 14.80s elapsed (1 service on 1 host)
2047Initiating OS detection (try #1) against whitepridearchives.com (69.163.233.4)
2048Retrying OS detection (try #2) against whitepridearchives.com (69.163.233.4)
2049Initiating Traceroute at 02:23
2050Completed Traceroute at 02:23, 3.47s elapsed
2051Initiating Parallel DNS resolution of 20 hosts. at 02:23
2052Completed Parallel DNS resolution of 20 hosts. at 02:23, 5.79s elapsed
2053NSE: Script scanning 69.163.233.4.
2054Initiating NSE at 02:23
2055Completed NSE at 02:23, 34.56s elapsed
2056Initiating NSE at 02:23
2057Completed NSE at 02:23, 0.00s elapsed
2058Nmap scan report for whitepridearchives.com (69.163.233.4)
2059Host is up (0.32s latency).
2060rDNS record for 69.163.233.4: ps54052.dreamhostps.com
2061
2062PORT STATE SERVICE VERSION
206325/tcp open smtp Postfix smtpd
2064|_smtp-commands: ps54052.dreamhostps.com, PIPELINING, SIZE 40960000, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
2065| smtp-enum-users:
2066|_ Method RCPT returned a unhandled status code.
2067|_smtp-open-relay: Server doesn't seem to be an open relay, all tests failed
2068| smtp-vuln-cve2010-4344:
2069|_ The SMTP server is not Exim: NOT VULNERABLE
2070Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2071Device type: general purpose|firewall|media device|broadband router|security-misc
2072Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (99%), IPCop 2.X|1.X (98%), Tiandy embedded (98%), D-Link embedded (96%), Draytek embedded (96%)
2073OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:ipcop:ipcop:2.0 cpe:/h:dlink:dsl-2890al cpe:/h:draytek:vigor_2960 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:ipcop:ipcop:1.9.19
2074Aggressive OS guesses: Linux 4.9 (99%), Linux 3.18 (99%), IPCop 2.0 (Linux 2.6.32) (98%), Linux 2.6.32 (98%), Linux 3.2 (98%), Tiandy NVR (98%), D-Link DSL-2890AL ADSL router (96%), Draytek Vigor 2960 VPN firewall (96%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (96%), IPCop 1.9.19 or IPFire 2.9 firewall (Linux 2.6.32) (96%)
2075No exact OS matches for host (test conditions non-ideal).
2076Network Distance: 22 hops
2077TCP Sequence Prediction: Difficulty=261 (Good luck!)
2078IP ID Sequence Generation: All zeros
2079
2080TRACEROUTE (using port 25/tcp)
2081HOP RTT ADDRESS
20821 130.46 ms 10.203.3.1
20832 ...
20843 130.66 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
20854 130.49 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
20865 135.90 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
20876 154.61 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
20887 163.62 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)
20898 258.33 ms be12488.ccr42.lon13.atlas.cogentco.com (130.117.51.41)
20909 263.70 ms be2101.ccr32.bos01.atlas.cogentco.com (154.54.82.38)
209110 267.30 ms be2890.ccr22.cle04.atlas.cogentco.com (154.54.82.245)
209211 255.86 ms be2878.ccr21.cle04.atlas.cogentco.com (154.54.26.129)
209312 263.94 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
209413 275.16 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)
209514 287.42 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)
209615 298.03 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
209716 321.36 ms 154.54.89.101
209817 328.23 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78)
209918 329.22 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
210019 326.88 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3)
210120 320.79 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3)
210221 317.98 ms pdx1-a5u27-acc.sd.dreamhost.com (66.33.200.37)
210322 313.11 ms ps54052.dreamhostps.com (69.163.233.4)
2104
2105NSE: Script Post-scanning.
2106Initiating NSE at 02:23
2107Completed NSE at 02:23, 0.00s elapsed
2108Initiating NSE at 02:23
2109Completed NSE at 02:23, 0.00s elapsed
2110##################################################################################################################################
2111HTTP/1.1 200 OK
2112Date: Sun, 16 Feb 2020 07:28:17 GMT
2113Server: Apache
2114Last-Modified: Fri, 18 Jul 2008 01:37:35 GMT
2115ETag: "2ffc-4524266ed75c0"
2116Accept-Ranges: bytes
2117Content-Length: 12284
2118Vary: Accept-Encoding
2119Content-Type: text/html
2120
2121Allow: POST,OPTIONS,GET,HEAD
2122#################################################################################################################################
2123<!--- META TO MAKE FRAME LOAD AT TOP - NETSCAPE ONLY ----->
2124 <body bgcolor="#FFFFFF" text="#000000" link="#3399FF" vlink="#666666" alink="#FF9900"><!--mstheme--><font face="Verdana, Arial, Helvetica">
2125 <!--mstheme--></font></body>
2126################################################################################################################################
2127http://whitepridearchives.com [200 OK] Apache, Country[UNITED STATES][US], Email[mail@christianidentitychurch.net], Frame, HTTPServer[Apache], IP[69.163.233.4], Meta-Author[Mark IMS], Script, Title[White Pride News and Entertainment]
2128##################################################################################################################################
2129
2130wig - WebApp Information Gatherer
2131
2132
2133Scanning http://whitepridearchives.com...
2134_____________________ SITE INFO _____________________
2135IP Title
213669.163.233.4 White Pride News and Entertainment
2137
2138______________________ VERSION ______________________
2139Name Versions Type
2140Apache Platform
2141
2142____________________ INTERESTING ____________________
2143URL Note Type
2144/robots.txt robots.txt index Interesting
2145
2146_____________________________________________________
2147Time: 67.5 sec Urls: 606 Fingerprints: 40401
2148#############################################################################################################################
2149Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:29 EST
2150NSE: Loaded 161 scripts for scanning.
2151NSE: Script Pre-scanning.
2152Initiating NSE at 02:29
2153Completed NSE at 02:29, 0.00s elapsed
2154Initiating NSE at 02:29
2155Completed NSE at 02:29, 0.00s elapsed
2156Initiating Parallel DNS resolution of 1 host. at 02:29
2157Completed Parallel DNS resolution of 1 host. at 02:29, 0.02s elapsed
2158Initiating SYN Stealth Scan at 02:29
2159Scanning whitepridearchives.com (69.163.233.4) [1 port]
2160Discovered open port 80/tcp on 69.163.233.4
2161Completed SYN Stealth Scan at 02:29, 0.35s elapsed (1 total ports)
2162Initiating Service scan at 02:29
2163Scanning 1 service on whitepridearchives.com (69.163.233.4)
2164Completed Service scan at 02:30, 6.67s elapsed (1 service on 1 host)
2165Initiating OS detection (try #1) against whitepridearchives.com (69.163.233.4)
2166Retrying OS detection (try #2) against whitepridearchives.com (69.163.233.4)
2167Initiating Traceroute at 02:30
2168Completed Traceroute at 02:30, 3.47s elapsed
2169Initiating Parallel DNS resolution of 18 hosts. at 02:30
2170Completed Parallel DNS resolution of 18 hosts. at 02:30, 2.52s elapsed
2171NSE: Script scanning 69.163.233.4.
2172Initiating NSE at 02:30
2173Completed NSE at 02:31, 90.20s elapsed
2174Initiating NSE at 02:31
2175Completed NSE at 02:31, 1.31s elapsed
2176Nmap scan report for whitepridearchives.com (69.163.233.4)
2177Host is up (0.32s latency).
2178rDNS record for 69.163.233.4: ps54052.dreamhostps.com
2179
2180PORT STATE SERVICE VERSION
218180/tcp open http Apache httpd
2182|_http-backup-finder: ERROR: Script execution failed (use -d to debug)
2183| http-brute:
2184|_ Path "/" does not require authentication
2185|_http-chrono: Request times for /; avg: 921.63ms; min: 853.20ms; max: 1048.92ms
2186|_http-csrf: Couldn't find any CSRF vulnerabilities.
2187|_http-date: Sun, 16 Feb 2020 07:30:16 GMT; -1s from local time.
2188|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
2189| http-dombased-xss:
2190| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=whitepridearchives.com
2191| Found the following indications of potential DOM based XSS:
2192|
2193| Source: window.open('http://chat.parachat.com/chat/login.html?room=gmr&width=600&height=400&bg=EFEFEF&lang=en', 'parachat', 'width=600,height=400,location=no,menubar=no')
2194|_ Pages: http://whitepridearchives.com:80/whitepridearchives-menu.html
2195|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
2196|_http-errors: ERROR: Script execution failed (use -d to debug)
2197|_http-feed: Couldn't find any feeds.
2198|_http-fetch: Please enter the complete path of the directory to save data in.
2199| http-fileupload-exploiter:
2200|
2201|_ Couldn't find a file-type field.
2202| http-grep:
2203| (1) http://whitepridearchives.com:80/:
2204| (1) email:
2205| + mail@christianidentitychurch.net
2206| (8) http://whitepridearchives.com:80/LivePlaylist.html:
2207| (8) email:
2208| + martin@irt.org
2209| + privacy@Mogulus.com
2210| + feedback@mogulus.com
2211| + jobs@mogulus.com
2212| + pro@mogulus.com
2213| + advertise@mogulus.com
2214| + partners@mogulus.com
2215|_ + takedown@mogulus.com
2216| http-headers:
2217| Date: Sun, 16 Feb 2020 07:30:24 GMT
2218| Server: Apache
2219| Last-Modified: Fri, 18 Jul 2008 01:37:35 GMT
2220| ETag: "2ffc-4524266ed75c0"
2221| Accept-Ranges: bytes
2222| Content-Length: 12284
2223| Vary: Accept-Encoding
2224| Connection: close
2225| Content-Type: text/html
2226| X-Pad: avoid browser bug
2227|
2228|_ (Request type: HEAD)
2229| http-methods:
2230|_ Supported Methods: POST OPTIONS GET HEAD
2231|_http-mobileversion-checker: No mobile version detected.
2232| http-php-version: Logo query returned unknown hash 5c6196e69a5482fb45c58c269485aede
2233|_Credits query returned unknown hash 5c6196e69a5482fb45c58c269485aede
2234| http-robots.txt: 6 disallowed entries
2235| http://www.whitepridearchives.com/GMRradio/flash/
2236| http://www.whitepridearchives.com/This is the Klan/flash/ http://www.whitepridearchives.com/playerProductInstall/flash/
2237|_http://www.whitepridearchives.com/Political Watchdog/flash/ /cgi-bin/ /tmp/
2238|_http-security-headers:
2239|_http-server-header: Apache
2240| http-sitemap-generator:
2241| Directory structure:
2242| /
2243| Other: 1; html: 8; ico: 1
2244| /GMRradio/
2245| html: 1
2246| /images/
2247| gif: 2; jpg: 3; png: 1
2248| Longest directory structure:
2249| Depth: 1
2250| Dir: /images/
2251| Total files found (by extension):
2252|_ Other: 1; gif: 2; html: 9; ico: 1; jpg: 3; png: 1
2253|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2254|_http-title: White Pride News and Entertainment
2255| http-vhosts:
2256|_127 names had status 200
2257| http-waf-detect: IDS/IPS/WAF detected:
2258|_whitepridearchives.com:80/?p4yl04d=../../../../../../../../../../../../../../../../../etc/passwd
2259|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
2260|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2261|_http-xssed: No previously reported XSS vuln.
2262Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2263Device type: general purpose|firewall|media device|broadband router|security-misc
2264Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (99%), IPCop 2.X|1.X (98%), Tiandy embedded (97%), D-Link embedded (96%), Draytek embedded (96%)
2265OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:ipcop:ipcop:2.0 cpe:/o:linux:linux_kernel:4.9 cpe:/h:dlink:dsl-2890al cpe:/h:draytek:vigor_2960 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:ipcop:ipcop:1.9.19
2266Aggressive OS guesses: Linux 3.18 (99%), IPCop 2.0 (Linux 2.6.32) (98%), Linux 4.9 (98%), Linux 2.6.32 (97%), Linux 3.2 (97%), Tiandy NVR (97%), D-Link DSL-2890AL ADSL router (96%), Draytek Vigor 2960 VPN firewall (96%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (96%), IPCop 1.9.19 or IPFire 2.9 firewall (Linux 2.6.32) (96%)
2267No exact OS matches for host (test conditions non-ideal).
2268Network Distance: 22 hops
2269TCP Sequence Prediction: Difficulty=256 (Good luck!)
2270IP ID Sequence Generation: All zeros
2271
2272TRACEROUTE (using port 80/tcp)
2273HOP RTT ADDRESS
22741 132.93 ms 10.203.3.1
22752 ...
22763 135.29 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
22774 131.51 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
22785 140.92 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
22796 159.29 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
22807 169.53 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)
22818 255.80 ms be12194.ccr41.lon13.atlas.cogentco.com (154.54.56.93)
22829 265.08 ms be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162)
228310 255.47 ms be3599.ccr21.alb02.atlas.cogentco.com (66.28.4.237)
228411 259.62 ms be2879.ccr22.cle04.atlas.cogentco.com (154.54.29.173)
228512 274.94 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
228613 274.38 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
228714 301.82 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
228815 316.05 ms be2029.ccr22.sea02.atlas.cogentco.com (154.54.86.110)
228916 313.22 ms be2029.ccr22.sea02.atlas.cogentco.com (154.54.86.110)
229017 326.25 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
229118 320.26 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
229219 317.60 ms 38.142.108.114
229320 325.45 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3)
229421 317.29 ms pdx1-a5u27-acc.sd.dreamhost.com (66.33.200.37)
229522 317.52 ms ps54052.dreamhostps.com (69.163.233.4)
2296
2297NSE: Script Post-scanning.
2298Initiating NSE at 02:31
2299Completed NSE at 02:31, 0.00s elapsed
2300Initiating NSE at 02:31
2301Completed NSE at 02:31, 0.00s elapsed
2302#############################################################################################################################
2303------------------------------------------------------------------------------------------------------------------------
2304
2305[ ! ] Starting SCANNER INURLBR 2.1 at [16-02-2020 02:43:23]
2306[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
2307It is the end user's responsibility to obey all applicable local, state and federal laws.
2308Developers assume no liability and are not responsible for any misuse or damage caused by this program
2309
2310[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/whitepridearchives.com/output/inurlbr-whitepridearchives.com ]
2311[ INFO ][ DORK ]::[ site:whitepridearchives.com ]
2312[ INFO ][ SEARCHING ]:: {
2313[ INFO ][ ENGINE ]::[ GOOGLE - www.google.ch ]
2314
2315[ INFO ][ SEARCHING ]::
2317[ INFO ][ ENGINE ]::[ GOOGLE API ]
2318
2319[ INFO ][ SEARCHING ]::
2321[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.ru ID: 012873187529719969291:yexdhbzntue ]
2322
2323[ INFO ][ SEARCHING ]::
2325
2326[ INFO ][ TOTAL FOUND VALUES ]:: [ 12 ]
2327
2328
2329 _[ - ]::--------------------------------------------------------------------------------------------------------------
2330|_[ + ] [ 0 / 12 ]-[02:43:41] [ - ]
2331|_[ + ] Target:: [ http://www.whitepridearchives.com/ ]
2332|_[ + ] Exploit::
2333|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:69.163.233.4:80
2334|_[ + ] More details:: / - / , ISP:
2335|_[ + ] Found:: UNIDENTIFIED
2336
2337 _[ - ]::--------------------------------------------------------------------------------------------------------------
2338|_[ + ] [ 1 / 12 ]-[02:43:42] [ - ]
2339|_[ + ] Target:: [ http://www.whitepridearchives.com/GMRradio/ ]
2340|_[ + ] Exploit::
2341|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:69.163.233.4:80
2342|_[ + ] More details:: / - / , ISP:
2343|_[ + ] Found:: UNIDENTIFIED
2344
2345 _[ - ]::--------------------------------------------------------------------------------------------------------------
2346|_[ + ] [ 2 / 12 ]-[02:43:44] [ - ]
2347|_[ + ] Target:: [ http://www.whitepridearchives.com/LivePlaylist.html ]
2348|_[ + ] Exploit::
2349|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:69.163.233.4:80
2350|_[ + ] More details:: / - / , ISP:
2351|_[ + ] Found:: UNIDENTIFIED
2352
2353 _[ - ]::--------------------------------------------------------------------------------------------------------------
2354|_[ + ] [ 3 / 12 ]-[02:43:45] [ - ]
2355|_[ + ] Target:: [ http://www.whitepridearchives.com/whitepridearchives-ARCHIVED.html ]
2356|_[ + ] Exploit::
2357|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:69.163.233.4:80
2358|_[ + ] More details:: / - / , ISP:
2359|_[ + ] Found:: UNIDENTIFIED
2360
2361 _[ - ]::--------------------------------------------------------------------------------------------------------------
2362|_[ + ] [ 4 / 12 ]-[02:43:47] [ - ]
2363|_[ + ] Target:: [ http://www.whitepridearchives.com/This is the Klan/ ]
2364|_[ + ] Exploit::
2365|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache , IP:69.163.233.4:80
2366|_[ + ] More details:: / - / , ISP:
2367|_[ + ] Found:: UNIDENTIFIED
2368
2369 _[ - ]::--------------------------------------------------------------------------------------------------------------
2370|_[ + ] [ 5 / 12 ]-[02:43:48] [ - ]
2371|_[ + ] Target:: [ http://www.whitepridearchives.com/power-pulpid/flash/Be Faithful/index.html ]
2372|_[ + ] Exploit::
2373|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache , IP:69.163.233.4:80
2374|_[ + ] More details:: / - / , ISP:
2375|_[ + ] Found:: UNIDENTIFIED
2376
2377 _[ - ]::--------------------------------------------------------------------------------------------------------------
2378|_[ + ] [ 6 / 12 ]-[02:43:50] [ - ]
2379|_[ + ] Target:: [ http://www.whitepridearchives.com/power-pulpid/IFRAME index.html ]
2380|_[ + ] Exploit::
2381|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache , IP:69.163.233.4:80
2382|_[ + ] More details:: / - / , ISP:
2383|_[ + ] Found:: UNIDENTIFIED
2384
2385 _[ - ]::--------------------------------------------------------------------------------------------------------------
2386|_[ + ] [ 7 / 12 ]-[02:43:51] [ - ]
2387|_[ + ] Target:: [ http://www.whitepridearchives.com/LINK STORMFRONT RADIO.html ]
2388|_[ + ] Exploit::
2389|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache , IP:69.163.233.4:80
2390|_[ + ] More details:: / - / , ISP:
2391|_[ + ] Found:: UNIDENTIFIED
2392
2393 _[ - ]::--------------------------------------------------------------------------------------------------------------
2394|_[ + ] [ 8 / 12 ]-[02:43:52] [ - ]
2395|_[ + ] Target:: [ http://www.whitepridearchives.com/power-pulpid/flash/To Those I Love My Relatives/index.html ]
2396|_[ + ] Exploit::
2397|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache , IP:69.163.233.4:80
2398|_[ + ] More details:: / - / , ISP:
2399|_[ + ] Found:: UNIDENTIFIED
2400
2401 _[ - ]::--------------------------------------------------------------------------------------------------------------
2402|_[ + ] [ 9 / 12 ]-[02:43:54] [ - ]
2403|_[ + ] Target:: [ http://www.whitepridearchives.com/power-pulpid/flash/The Best is Yet to Come/index.html ]
2404|_[ + ] Exploit::
2405|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache , IP:69.163.233.4:80
2406|_[ + ] More details:: / - / , ISP:
2407|_[ + ] Found:: UNIDENTIFIED
2408
2409 _[ - ]::--------------------------------------------------------------------------------------------------------------
2410|_[ + ] [ 10 / 12 ]-[02:43:55] [ - ]
2411|_[ + ] Target:: [ http://www.whitepridearchives.com/LINK Alex Jones .html ]
2412|_[ + ] Exploit::
2413|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache , IP:69.163.233.4:80
2414|_[ + ] More details:: / - / , ISP:
2415|_[ + ] Found:: UNIDENTIFIED
2416
2417 _[ - ]::--------------------------------------------------------------------------------------------------------------
2418|_[ + ] [ 11 / 12 ]-[02:43:57] [ - ]
2419|_[ + ] Target:: [ http://www.whitepridearchives.com/welcome-knights-party-video/welcome-knights-party-video.html ]
2420|_[ + ] Exploit::
2421|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:69.163.233.4:80
2422|_[ + ] More details:: / - / , ISP:
2423|_[ + ] Found:: UNIDENTIFIED
2424
2425[ INFO ] [ Shutting down ]
2426[ INFO ] [ End of process INURLBR at [16-02-2020 02:43:57]
2427[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
2428[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/whitepridearchives.com/output/inurlbr-whitepridearchives.com ]
2429|_________________________________________________________________________________________
2430
2431\_________________________________________________________________________________________/
2432#############################################################################################################################
2433Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:44 EST
2434NSE: Loaded 161 scripts for scanning.
2435NSE: Script Pre-scanning.
2436Initiating NSE at 02:44
2437Completed NSE at 02:44, 0.00s elapsed
2438Initiating NSE at 02:44
2439Completed NSE at 02:44, 0.00s elapsed
2440Initiating Parallel DNS resolution of 1 host. at 02:44
2441Completed Parallel DNS resolution of 1 host. at 02:44, 0.03s elapsed
2442Initiating SYN Stealth Scan at 02:44
2443Scanning whitepridearchives.com (69.163.233.4) [1 port]
2444Discovered open port 443/tcp on 69.163.233.4
2445Completed SYN Stealth Scan at 02:44, 0.37s elapsed (1 total ports)
2446Initiating Service scan at 02:44
2447Scanning 1 service on whitepridearchives.com (69.163.233.4)
2448Completed Service scan at 02:44, 14.62s elapsed (1 service on 1 host)
2449Initiating OS detection (try #1) against whitepridearchives.com (69.163.233.4)
2450Retrying OS detection (try #2) against whitepridearchives.com (69.163.233.4)
2451Initiating Traceroute at 02:44
2452Completed Traceroute at 02:44, 3.47s elapsed
2453Initiating Parallel DNS resolution of 18 hosts. at 02:44
2454Completed Parallel DNS resolution of 18 hosts. at 02:44, 2.52s elapsed
2455NSE: Script scanning 69.163.233.4.
2456Initiating NSE at 02:44
2457Completed NSE at 02:46, 90.31s elapsed
2458Initiating NSE at 02:46
2459Completed NSE at 02:46, 2.62s elapsed
2460Nmap scan report for whitepridearchives.com (69.163.233.4)
2461Host is up (0.32s latency).
2462rDNS record for 69.163.233.4: ps54052.dreamhostps.com
2463
2464PORT STATE SERVICE VERSION
2465443/tcp open ssl/ssl Apache httpd (SSL-only mode)
2466| http-brute:
2467|_ Path "/" does not require authentication
2468|_http-chrono: Request times for /; avg: 1478.99ms; min: 1445.32ms; max: 1507.28ms
2469|_http-csrf: Couldn't find any CSRF vulnerabilities.
2470|_http-date: Sun, 16 Feb 2020 07:45:00 GMT; -1s from local time.
2471|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
2472|_http-dombased-xss: Couldn't find any DOM based XSS.
2473|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
2474|_http-errors: Couldn't find any error pages.
2475|_http-feed: Couldn't find any feeds.
2476|_http-fetch: Please enter the complete path of the directory to save data in.
2477| http-headers:
2478| Date: Sun, 16 Feb 2020 07:45:20 GMT
2479| Server: Apache
2480| Last-Modified: Thu, 18 Apr 2019 18:54:24 GMT
2481| ETag: "301-586d287d9b800"
2482| Accept-Ranges: bytes
2483| Content-Length: 769
2484| Connection: close
2485| Content-Type: text/html
2486|
2487|_ (Request type: HEAD)
2488|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2489| http-methods:
2490|_ Supported Methods: POST OPTIONS GET HEAD
2491|_http-mobileversion-checker: No mobile version detected.
2492| http-security-headers:
2493| Strict_Transport_Security:
2494|_ HSTS not configured in HTTPS Server
2495|_http-server-header: Apache
2496| http-sitemap-generator:
2497| Directory structure:
2498| /
2499| Other: 1
2500| Longest directory structure:
2501| Depth: 0
2502| Dir: /
2503| Total files found (by extension):
2504|_ Other: 1
2505|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2506|_http-title: 400 Bad Request
2507| http-vhosts:
2508|_127 names had status 400
2509|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
2510|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2511|_http-xssed: No previously reported XSS vuln.
2512Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2513Device type: general purpose|firewall|media device|broadband router|security-misc
2514Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (99%), IPCop 2.X|1.X (98%), Tiandy embedded (98%), D-Link embedded (96%), Draytek embedded (96%)
2515OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:ipcop:ipcop:2.0 cpe:/o:linux:linux_kernel:4.9 cpe:/h:dlink:dsl-2890al cpe:/h:draytek:vigor_2960 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:ipcop:ipcop:1.9.19
2516Aggressive OS guesses: Linux 3.18 (99%), IPCop 2.0 (Linux 2.6.32) (98%), Linux 2.6.32 (98%), Tiandy NVR (98%), Linux 4.9 (98%), Linux 3.2 (97%), D-Link DSL-2890AL ADSL router (96%), Draytek Vigor 2960 VPN firewall (96%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (96%), IPCop 1.9.19 or IPFire 2.9 firewall (Linux 2.6.32) (96%)
2517No exact OS matches for host (test conditions non-ideal).
2518Network Distance: 22 hops
2519TCP Sequence Prediction: Difficulty=260 (Good luck!)
2520IP ID Sequence Generation: All zeros
2521
2522TRACEROUTE (using port 443/tcp)
2523HOP RTT ADDRESS
25241 128.95 ms 10.203.3.1
25252 ...
25263 131.76 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
25274 131.41 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
25285 137.74 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
25296 156.33 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
25307 164.47 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)
25318 256.98 ms be12194.ccr41.lon13.atlas.cogentco.com (154.54.56.93)
25329 260.85 ms be2099.ccr31.bos01.atlas.cogentco.com (154.54.82.34)
253310 264.01 ms be3599.ccr21.alb02.atlas.cogentco.com (66.28.4.237)
253411 260.11 ms be2879.ccr22.cle04.atlas.cogentco.com (154.54.29.173)
253512 274.39 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
253613 274.62 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
253714 299.53 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
253815 318.23 ms be2029.ccr22.sea02.atlas.cogentco.com (154.54.86.110)
253916 313.81 ms be2029.ccr22.sea02.atlas.cogentco.com (154.54.86.110)
254017 323.80 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
254118 324.18 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
254219 322.02 ms 38.142.108.114
254320 329.43 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2)
254421 321.45 ms pdx1-a5u27-acc.sd.dreamhost.com (66.33.200.37)
254522 317.90 ms ps54052.dreamhostps.com (69.163.233.4)
2546
2547NSE: Script Post-scanning.
2548Initiating NSE at 02:46
2549Completed NSE at 02:46, 0.00s elapsed
2550Initiating NSE at 02:46
2551Completed NSE at 02:46, 0.00s elapsed
2552#######################################################################################################################################
2553Version: 1.11.13-static
2554OpenSSL 1.0.2-chacha (1.0.2g-dev)
2555
2556Connected to 69.163.233.4
2557
2558Testing SSL server whitepridearchives.com on port 443 using SNI name whitepridearchives.com
2559
2560 TLS Fallback SCSV:
2561Server supports TLS Fallback SCSV
2562
2563 TLS renegotiation:
2564Session renegotiation not supported
2565
2566 TLS Compression:
2567Compression disabled
2568
2569 Heartbleed:
2570TLS 1.2 not vulnerable to heartbleed
2571TLS 1.1 not vulnerable to heartbleed
2572TLS 1.0 not vulnerable to heartbleed
2573
2574 Supported Server Cipher(s):
2575Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
2576Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
2577Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
2578Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
2579Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
2580Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2581Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
2582Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2583Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
2584Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
2585Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
2586Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
2587Accepted TLSv1.2 128 bits AES128-GCM-SHA256
2588Accepted TLSv1.2 256 bits AES256-GCM-SHA384
2589Accepted TLSv1.2 128 bits AES128-SHA256
2590Accepted TLSv1.2 128 bits AES128-SHA
2591Accepted TLSv1.2 256 bits AES256-SHA256
2592Accepted TLSv1.2 256 bits AES256-SHA
2593Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
2594Accepted TLSv1.2 256 bits CAMELLIA256-SHA
2595Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
2596Accepted TLSv1.2 128 bits CAMELLIA128-SHA
2597Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2598Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2599Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
2600Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
2601Accepted TLSv1.1 128 bits AES128-SHA
2602Accepted TLSv1.1 256 bits AES256-SHA
2603Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
2604Accepted TLSv1.1 256 bits CAMELLIA256-SHA
2605Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
2606Accepted TLSv1.1 128 bits CAMELLIA128-SHA
2607
2608 SSL Certificate:
2609Signature Algorithm: sha256WithRSAEncryption
2610RSA Key Strength: 2048
2611
2612Subject: sni.dreamhost.com
2613Issuer: sni.dreamhost.com
2614
2615Not valid before: Aug 11 18:24:23 2015 GMT
2616Not valid after: Aug 8 18:24:23 2025 GMT
2617##################################################################################################################################
2618Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:09 EST
2619Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
2620Host is up (0.30s latency).
2621Not shown: 466 closed ports, 4 filtered ports
2622Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2623PORT STATE SERVICE VERSION
262421/tcp open ftp ProFTPD
262522/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
2626| ssh-hostkey:
2627| 2048 73:3e:fd:9f:b5:91:05:3a:59:de:53:9a:ad:5d:77:92 (RSA)
2628| 256 3d:3e:fb:92:af:0e:69:68:b0:71:18:77:49:c6:55:34 (ECDSA)
2629|_ 256 4f:b5:93:d8:09:7c:a8:0f:42:02:c4:43:23:92:78:a1 (ED25519)
263025/tcp open smtp Postfix smtpd
2631|_smtp-commands: ps54052.dreamhostps.com, PIPELINING, SIZE 40960000, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
263280/tcp open http Apache httpd
2633|_http-server-header: Apache
2634|_http-title: Site not found · DreamHost
2635443/tcp open ssl/http Apache httpd
2636|_http-server-header: Apache
2637|_http-title: 400 Bad Request
2638| ssl-cert: Subject: commonName=sni.dreamhost.com/organizationName=DreamHost/stateOrProvinceName=California/countryName=US
2639| Not valid before: 2015-08-11T18:24:23
2640|_Not valid after: 2025-08-08T18:24:23
2641|_ssl-date: TLS randomness does not represent time
2642587/tcp open smtp Postfix smtpd
2643|_smtp-commands: ps54052.dreamhostps.com, PIPELINING, SIZE 40960000, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
2644Aggressive OS guesses: Linux 2.6.32 (94%), Tiandy NVR (94%), Linux 3.18 (94%), Linux 4.9 (93%), Android 5.0.1 (93%), IPCop 2.0 (Linux 2.6.32) (93%), IPCop 2 firewall (Linux 3.4) (93%), Linux 3.2 (93%), D-Link DSL-2890AL ADSL router (92%), Draytek Vigor 2960 VPN firewall (92%)
2645No exact OS matches for host (test conditions non-ideal).
2646Network Distance: 22 hops
2647Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
2648
2649TRACEROUTE (using port 21/tcp)
2650HOP RTT ADDRESS
26511 129.89 ms 10.203.3.1
26522 ...
26533 134.21 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
26544 134.03 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
26555 135.62 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
26566 154.43 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
26577 163.20 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)
26588 254.89 ms be12194.ccr41.lon13.atlas.cogentco.com (154.54.56.93)
26599 263.83 ms be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162)
266010 266.76 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
266111 266.25 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
266212 267.92 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
266313 280.75 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
266414 292.81 ms be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89)
266515 301.59 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
266616 325.14 ms 154.54.89.101
266717 328.55 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78)
266818 325.20 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
266919 317.21 ms 38.142.108.114
267020 320.81 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3)
267121 316.89 ms pdx1-a5u27-acc.sd.dreamhost.com (66.33.200.37)
267222 314.80 ms ps54052.dreamhostps.com (69.163.233.4)
2673####################################################################################################################################
2674Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:10 EST
2675Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
2676Host is up (0.29s latency).
2677Not shown: 21 closed ports
2678PORT STATE SERVICE VERSION
267967/udp open|filtered dhcps
268069/udp open|filtered tftp
268188/udp open|filtered kerberos-sec
2682123/udp open|filtered ntp
2683138/udp open|filtered netbios-dgm
2684139/udp open|filtered netbios-ssn
2685162/udp open|filtered snmptrap
2686Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2687Device type: phone|broadband router|storage-misc|WAP|general purpose
2688Running: Google Android 5.X, Linksys embedded, Linux 2.4.X|2.6.X, TP-LINK embedded
2689OS CPE: cpe:/o:google:android:5.0.1 cpe:/h:linksys:wrv200 cpe:/h:linksys:nas200 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:tp-link:tl-wa801nd
2690OS details: Android 5.0.1, Linksys WRV200 wireless broadband router, Linksys NAS200 NAS device, DD-WRT v24-sp2 (Linux 2.4.36), Linux 2.6.22 (Kubuntu, x86), Linux 2.6.25 (openSUSE 11.0), Linux 2.6.32, TP-LINK TL-WA801ND WAP (Linux 2.6.36)
2691Network Distance: 22 hops
2692
2693TRACEROUTE (using port 389/udp)
2694HOP RTT ADDRESS
26951 131.59 ms 10.203.3.1
26962 ...
26973 134.90 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
26984 134.87 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
26995 140.26 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
27006 155.15 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.10
27017 168.04 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)
27028 263.67 ms be2183.ccr22.lpl01.atlas.cogentco.com (154.54.58.69)
27039 271.34 ms be3043.ccr22.ymq01.atlas.cogentco.com (154.54.44.166)
270410 265.71 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)
270511 265.88 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
270612 260.78 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
270713 278.54 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)
270814 296.68 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)
270915 297.84 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
271016 325.39 ms be2670.ccr21.pdx01.atlas.cogentco.com (154.54.42.150)
271117 327.64 ms be2670.ccr21.pdx01.atlas.cogentco.com (154.54.42.150)
271218 327.26 ms 38.142.108.114
271319 325.63 ms 38.142.108.114
271420 333.26 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2)
271521 331.01 ms pdx1-a5u27-acc.sd.dreamhost.com (66.33.200.37)
271622 325.18 ms ps54052.dreamhostps.com (69.163.233.4)
2717####################################################################################################################################
2718Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:11 EST
2719NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
2720NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
2721NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
2722Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
2723Host is up (0.29s latency).
2724
2725PORT STATE SERVICE VERSION
272621/tcp open ftp ProFTPD 1.2.10
2727| ftp-brute:
2728| Accounts: No valid accounts found
2729|_ Statistics: Performed 2465 guesses in 181 seconds, average tps: 13.3
2730Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2731Device type: general purpose|firewall|media device|broadband router|security-misc
2732Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (99%), IPCop 2.X (98%), Tiandy embedded (98%), D-Link embedded (96%), Draytek embedded (96%)
2733OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:ipcop:ipcop:2.0 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:4.9 cpe:/h:dlink:dsl-2890al cpe:/h:draytek:vigor_2960 cpe:/o:linux:linux_kernel:2.6.25.20
2734Aggressive OS guesses: Linux 3.18 (99%), IPCop 2.0 (Linux 2.6.32) (98%), Linux 2.6.32 (98%), IPCop 2 firewall (Linux 3.4) (98%), Linux 3.2 (98%), Tiandy NVR (98%), Linux 4.9 (98%), D-Link DSL-2890AL ADSL router (96%), Draytek Vigor 2960 VPN firewall (96%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (96%)
2735No exact OS matches for host (test conditions non-ideal).
2736Network Distance: 21 hops
2737
2738TRACEROUTE (using port 21/tcp)
2739HOP RTT ADDRESS
27401 130.29 ms 10.203.3.1
27412 ...
27423 134.85 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
27434 130.68 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
27445 137.15 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
27456 157.07 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
27467 168.47 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)
27478 262.76 ms be12488.ccr42.lon13.atlas.cogentco.com (130.117.51.41)
27489 259.73 ms be2101.ccr32.bos01.atlas.cogentco.com (154.54.82.38)
274910 266.05 ms be2890.ccr22.cle04.atlas.cogentco.com (154.54.82.245)
275011 264.83 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
275112 258.03 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
275213 277.59 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)
275314 290.57 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)
275415 297.00 ms be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145)
275516 313.41 ms be3284.ccr22.sea02.atlas.cogentco.com (154.54.44.73)
275617 319.02 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78)
275718 324.61 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
275819 321.82 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3)
275920 327.25 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2)
276021 321.43 ms ps54052.dreamhostps.com (69.163.233.4)
2761#####################################################################################################################################
2762# general
2763(gen) banner: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
2764(gen) software: OpenSSH 6.6.1p1
2765(gen) compatibility: OpenSSH 6.5-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
2766(gen) compression: enabled (zlib@openssh.com)
2767
2768# key exchange algorithms
2769(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
2770(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
2771 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2772(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
2773 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2774(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
2775 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2776(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
2777 `- [info] available since OpenSSH 4.4
2778(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2779 `- [warn] using weak hashing algorithm
2780 `- [info] available since OpenSSH 2.3.0
2781(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
2782 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
2783(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2784 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
2785 `- [warn] using small 1024-bit modulus
2786 `- [warn] using weak hashing algorithm
2787 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
2788
2789# host-key algorithms
2790(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
2791(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
2792 `- [warn] using weak random number generator could reveal the key
2793 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2794(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
2795
2796# encryption algorithms (ciphers)
2797(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
2798(enc) aes192-ctr -- [info] available since OpenSSH 3.7
2799(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
2800(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2801 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2802 `- [warn] using weak cipher
2803 `- [info] available since OpenSSH 4.2
2804(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2805 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2806 `- [warn] using weak cipher
2807 `- [info] available since OpenSSH 4.2
2808(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
2809(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
2810(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
2811 `- [info] default cipher since OpenSSH 6.9.
2812(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2813 `- [warn] using weak cipher mode
2814 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
2815(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2816 `- [warn] using weak cipher
2817 `- [warn] using weak cipher mode
2818 `- [warn] using small 64-bit block size
2819 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
2820(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2821 `- [fail] disabled since Dropbear SSH 0.53
2822 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2823 `- [warn] using weak cipher mode
2824 `- [warn] using small 64-bit block size
2825 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
2826(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2827 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2828 `- [warn] using weak cipher mode
2829 `- [warn] using small 64-bit block size
2830 `- [info] available since OpenSSH 2.1.0
2831(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2832 `- [warn] using weak cipher mode
2833 `- [info] available since OpenSSH 2.3.0
2834(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2835 `- [warn] using weak cipher mode
2836 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
2837(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2838 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2839 `- [warn] using weak cipher
2840 `- [info] available since OpenSSH 2.1.0
2841(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2842 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2843 `- [warn] using weak cipher mode
2844 `- [info] available since OpenSSH 2.3.0
2845
2846# message authentication code algorithms
2847(mac) hmac-md5-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2848 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2849 `- [warn] using weak hashing algorithm
2850 `- [info] available since OpenSSH 6.2
2851(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
2852 `- [info] available since OpenSSH 6.2
2853(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
2854 `- [info] available since OpenSSH 6.2
2855(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
2856(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
2857(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
2858(mac) hmac-ripemd160-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2859 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2860 `- [info] available since OpenSSH 6.2
2861(mac) hmac-sha1-96-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2862 `- [warn] using weak hashing algorithm
2863 `- [info] available since OpenSSH 6.2
2864(mac) hmac-md5-96-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2865 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2866 `- [warn] using weak hashing algorithm
2867 `- [info] available since OpenSSH 6.2
2868(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2869 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2870 `- [warn] using encrypt-and-MAC mode
2871 `- [warn] using weak hashing algorithm
2872 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
2873(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
2874 `- [warn] using weak hashing algorithm
2875 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
2876(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
2877 `- [warn] using small 64-bit tag size
2878 `- [info] available since OpenSSH 4.7
2879(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
2880 `- [info] available since OpenSSH 6.2
2881(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
2882 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
2883(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
2884 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
2885(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2886 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2887 `- [warn] using encrypt-and-MAC mode
2888 `- [info] available since OpenSSH 2.5.0
2889(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2890 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2891 `- [warn] using encrypt-and-MAC mode
2892 `- [info] available since OpenSSH 2.1.0
2893(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2894 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2895 `- [warn] using encrypt-and-MAC mode
2896 `- [warn] using weak hashing algorithm
2897 `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
2898(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2899 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2900 `- [warn] using encrypt-and-MAC mode
2901 `- [warn] using weak hashing algorithm
2902 `- [info] available since OpenSSH 2.5.0
2903
2904# algorithm recommendations (for OpenSSH 6.6.1)
2905(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
2906(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
2907(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
2908(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
2909(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
2910(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
2911(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
2912(rec) -arcfour -- enc algorithm to remove
2913(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
2914(rec) -blowfish-cbc -- enc algorithm to remove
2915(rec) -3des-cbc -- enc algorithm to remove
2916(rec) -aes256-cbc -- enc algorithm to remove
2917(rec) -arcfour256 -- enc algorithm to remove
2918(rec) -cast128-cbc -- enc algorithm to remove
2919(rec) -aes192-cbc -- enc algorithm to remove
2920(rec) -arcfour128 -- enc algorithm to remove
2921(rec) -aes128-cbc -- enc algorithm to remove
2922(rec) -hmac-sha2-512 -- mac algorithm to remove
2923(rec) -hmac-md5-96 -- mac algorithm to remove
2924(rec) -hmac-md5-etm@openssh.com -- mac algorithm to remove
2925(rec) -hmac-sha1-96-etm@openssh.com -- mac algorithm to remove
2926(rec) -hmac-ripemd160-etm@openssh.com -- mac algorithm to remove
2927(rec) -hmac-md5-96-etm@openssh.com -- mac algorithm to remove
2928(rec) -hmac-sha2-256 -- mac algorithm to remove
2929(rec) -hmac-ripemd160 -- mac algorithm to remove
2930(rec) -umac-128@openssh.com -- mac algorithm to remove
2931(rec) -hmac-sha1-96 -- mac algorithm to remove
2932(rec) -umac-64@openssh.com -- mac algorithm to remove
2933(rec) -hmac-md5 -- mac algorithm to remove
2934(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
2935(rec) -hmac-sha1 -- mac algorithm to remove
2936(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
2937(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
2938####################################################################################################################################
2939Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:16 EST
2940NSE: [ssh-run] Failed to specify credentials and command to run.
3197NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
3198NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
3199NSE: [ssh-brute] passwords: Time limit 3m00s exceeded.
3200Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
3201Host is up (0.32s latency).
3202
3203PORT STATE SERVICE VERSION
320422/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
3205| ssh-auth-methods:
3206| Supported authentication methods:
3207| publickey
3208|_ password
3209| ssh-brute:
3210| Accounts: No valid accounts found
3211|_ Statistics: Performed 256 guesses in 182 seconds, average tps: 1.7
3212| ssh-hostkey:
3213| 2048 73:3e:fd:9f:b5:91:05:3a:59:de:53:9a:ad:5d:77:92 (RSA)
3214|_ 256 3d:3e:fb:92:af:0e:69:68:b0:71:18:77:49:c6:55:34 (ECDSA)
3215|_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
3216|_ssh-run: Failed to specify credentials and command to run.
3217Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3218Device type: general purpose|firewall|media device|broadband router|security-misc
3219Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (99%), IPCop 2.X (98%), Tiandy embedded (98%), D-Link embedded (96%), Draytek embedded (96%)
3220OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:ipcop:ipcop:2.0 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:4.9 cpe:/h:dlink:dsl-2890al cpe:/h:draytek:vigor_2960 cpe:/o:linux:linux_kernel:2.6.25.20
3221Aggressive OS guesses: Linux 3.18 (99%), IPCop 2.0 (Linux 2.6.32) (98%), Linux 2.6.32 (98%), IPCop 2 firewall (Linux 3.4) (98%), Linux 3.2 (98%), Tiandy NVR (98%), Linux 4.9 (98%), D-Link DSL-2890AL ADSL router (96%), Draytek Vigor 2960 VPN firewall (96%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (96%)
3222No exact OS matches for host (test conditions non-ideal).
3223Network Distance: 22 hops
3224Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
3225
3226TRACEROUTE (using port 22/tcp)
3227HOP RTT ADDRESS
32281 132.29 ms 10.203.3.1
32292 ...
32303 130.64 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
32314 134.03 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
32325 139.51 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
32336 158.24 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
32347 170.53 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)
32358 267.44 ms be2182.ccr21.lpl01.atlas.cogentco.com (154.54.77.246)
32369 267.35 ms be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162)
323710 260.04 ms be3599.ccr21.alb02.atlas.cogentco.com (66.28.4.237)
323811 256.45 ms be2879.ccr22.cle04.atlas.cogentco.com (154.54.29.173)
323912 270.14 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
324013 267.35 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
324114 291.73 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
324215 321.01 ms 154.54.89.101
324316 316.64 ms 154.54.89.101
324417 323.24 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
324518 320.39 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
324619 322.57 ms 38.142.108.114
324720 324.75 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2)
324821 ...
324922 333.05 ms ps54052.dreamhostps.com (69.163.233.4)
3250#######################################################################################################################################
3251Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:19 EST
3252Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
3253Host is up (0.29s latency).
3254
3255PORT STATE SERVICE VERSION
325625/tcp open smtp Postfix smtpd
3257|_smtp-commands: ps54052.dreamhostps.com, PIPELINING, SIZE 40960000, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
3258| smtp-enum-users:
3259|_ root
3260|_smtp-open-relay: Server doesn't seem to be an open relay, all tests failed
3261| smtp-vuln-cve2010-4344:
3262|_ The SMTP server is not Exim: NOT VULNERABLE
3263Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3264Device type: general purpose|firewall|media device|broadband router|security-misc
3265Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (99%), IPCop 2.X (98%), Tiandy embedded (98%), D-Link embedded (96%), Draytek embedded (96%)
3266OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:ipcop:ipcop:2.0 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:4.9 cpe:/h:dlink:dsl-2890al cpe:/h:draytek:vigor_2960 cpe:/o:linux:linux_kernel:2.6.25.20
3267Aggressive OS guesses: Linux 3.18 (99%), IPCop 2.0 (Linux 2.6.32) (98%), Linux 2.6.32 (98%), IPCop 2 firewall (Linux 3.4) (98%), Linux 3.2 (98%), Tiandy NVR (98%), Linux 4.9 (98%), D-Link DSL-2890AL ADSL router (96%), Draytek Vigor 2960 VPN firewall (96%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (96%)
3268No exact OS matches for host (test conditions non-ideal).
3269Network Distance: 21 hops
3270
3271TRACEROUTE (using port 25/tcp)
3272HOP RTT ADDRESS
32731 131.08 ms 10.203.3.1
32742 ...
32753 131.40 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
32764 131.37 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
32775 136.78 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
32786 154.05 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
32797 166.44 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)
32808 265.25 ms be12488.ccr42.lon13.atlas.cogentco.com (130.117.51.41)
32819 259.16 ms be2101.ccr32.bos01.atlas.cogentco.com (154.54.82.38)
328210 267.83 ms be2890.ccr22.cle04.atlas.cogentco.com (154.54.82.245)
328311 267.26 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
328412 262.37 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
328513 280.31 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)
328614 290.52 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)
328715 305.76 ms be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145)
328816 313.74 ms be3284.ccr22.sea02.atlas.cogentco.com (154.54.44.73)
328917 320.70 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78)
329018 325.94 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
329119 327.36 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2)
329220 321.36 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3)
329321 327.77 ms ps54052.dreamhostps.com (69.163.233.4)
3294####################################################################################################################################
3295Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:25 EST
3296Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
3297Host is up (0.29s latency).
3298
3299PORT STATE SERVICE VERSION
330067/tcp closed dhcps
330167/udp closed dhcps
3302Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3303Device type: phone|broadband router|storage-misc|WAP|general purpose
3304Running: Google Android 5.X, Linksys embedded, Linux 2.4.X|2.6.X, TP-LINK embedded
3305OS CPE: cpe:/o:google:android:5.0.1 cpe:/h:linksys:wrv200 cpe:/h:linksys:nas200 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:tp-link:tl-wa801nd
3306OS details: Android 5.0.1, Linksys WRV200 wireless broadband router, Linksys NAS200 NAS device, DD-WRT v24-sp2 (Linux 2.4.36), Linux 2.6.22 (Kubuntu, x86), Linux 2.6.25 (openSUSE 11.0), Linux 2.6.32, TP-LINK TL-WA801ND WAP (Linux 2.6.36)
3307Network Distance: 21 hops
3308
3309TRACEROUTE (using port 67/tcp)
3310HOP RTT ADDRESS
33111 129.11 ms 10.203.3.1
33122 ...
33133 131.64 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
33144 131.58 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
33155 137.17 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
33166 151.99 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
33177 164.35 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)
33188 261.50 ms be12488.ccr42.lon13.atlas.cogentco.com (130.117.51.41)
33199 255.21 ms be2101.ccr32.bos01.atlas.cogentco.com (154.54.82.38)
332010 259.37 ms be3599.ccr21.alb02.atlas.cogentco.com (66.28.4.237)
332111 267.92 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
332212 272.23 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
332313 278.83 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)
332414 292.01 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)
332515 301.05 ms be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145)
332616 310.63 ms be3284.ccr22.sea02.atlas.cogentco.com (154.54.44.73)
332717 317.06 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78)
332818 317.64 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158)
332919 323.02 ms pdx1-cr-1.sd.dreamhost.com (66.33.200.2)
333020 318.08 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3)
333121 319.49 ms ps54052.dreamhostps.com (69.163.233.4)
3332#####################################################################################################################################
3333Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:25 EST
3334Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
3335Host is up (0.28s latency).
3336
3337PORT STATE SERVICE VERSION
333869/tcp closed tftp
333969/udp closed tftp
3340Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3341Device type: phone|broadband router|storage-misc|WAP|general purpose
3342Running: Google Android 5.X, Linksys embedded, Linux 2.4.X|2.6.X, TP-LINK embedded
3343OS CPE: cpe:/o:google:android:5.0.1 cpe:/h:linksys:wrv200 cpe:/h:linksys:nas200 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:tp-link:tl-wa801nd
3344OS details: Android 5.0.1, Linksys WRV200 wireless broadband router, Linksys NAS200 NAS device, DD-WRT v24-sp2 (Linux 2.4.36), Linux 2.6.22 (Kubuntu, x86), Linux 2.6.25 (openSUSE 11.0), Linux 2.6.32, TP-LINK TL-WA801ND WAP (Linux 2.6.36)
3345Network Distance: 22 hops
3346
3347TRACEROUTE (using port 69/tcp)
###################################################################################################################################
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2020 07:27:06 GMT
Server: Apache
Last-Modified: Thu, 18 Apr 2019 18:54:24 GMT
ETag: "301-586d287d9b800"
Accept-Ranges: bytes
Content-Length: 769
Content-Type: text/html

HTTP/1.1 200 OK
Date: Sun, 16 Feb 2020 07:27:07 GMT
Server: Apache
Last-Modified: Thu, 18 Apr 2019 18:54:24 GMT
ETag: "301-586d287d9b800"
Accept-Ranges: bytes
Content-Length: 769
Content-Type: text/html
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:27 EST
Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
Host is up (0.27s latency).

PORT    STATE  SERVICE VERSION
123/tcp closed ntp
123/udp closed ntp
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: phone|broadband router|storage-misc|WAP|general purpose
Running: Google Android 5.X, Linksys embedded, Linux 2.4.X|2.6.X, TP-LINK embedded
OS CPE: cpe:/o:google:android:5.0.1 cpe:/h:linksys:wrv200 cpe:/h:linksys:nas200 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:tp-link:tl-wa801nd
OS details: Android 5.0.1, Linksys WRV200 wireless broadband router, Linksys NAS200 NAS device, DD-WRT v24-sp2 (Linux 2.4.36), Linux 2.6.22 (Kubuntu, x86), Linux 2.6.25 (openSUSE 11.0), Linux 2.6.32, TP-LINK TL-WA801ND WAP (Linux 2.6.36)
Network Distance: 21 hops

TRACEROUTE (using port 123/tcp)
####################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 69.163.233.4

Testing SSL server 69.163.233.4 on port 443 using SNI name 69.163.233.4

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  128 bits  AES128-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  256 bits  AES256-SHA256
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA
Preferred TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  256 bits  AES256-SHA
Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: sni.dreamhost.com
Issuer: sni.dreamhost.com

Not valid before: Aug 11 18:24:23 2015 GMT
Not valid after: Aug 8 18:24:23 2025 GMT
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 02:48 EST
Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
Host is up (0.23s latency).

PORT     STATE         SERVICE      VERSION
53/tcp   closed        domain
67/tcp   closed        dhcps
68/tcp   closed        dhcpc
69/tcp   closed        tftp
88/tcp   closed        kerberos-sec
123/tcp  closed        ntp
137/tcp  closed        netbios-ns
138/tcp  closed        netbios-dgm
139/tcp  closed        netbios-ssn
161/tcp  closed        snmp
162/tcp  closed        snmptrap
389/tcp  closed        ldap
520/tcp  closed        efs
2049/tcp closed        nfs
53/udp   open|filtered domain
67/udp   closed        dhcps
68/udp   open|filtered dhcpc
69/udp   closed        tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  closed        netbios-ns
138/udp  closed        netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  closed        snmp
162/udp  closed        snmptrap
389/udp  open|filtered ldap
520/udp  closed        route
2049/udp open|filtered nfs
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: phone|broadband router|storage-misc|WAP|general purpose
Running: Google Android 5.X, Linksys embedded, Linux 2.4.X|2.6.X, TP-LINK embedded
OS CPE: cpe:/o:google:android:5.0.1 cpe:/h:linksys:wrv200 cpe:/h:linksys:nas200 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:tp-link:tl-wa801nd
OS details: Android 5.0.1, Linksys WRV200 wireless broadband router, Linksys NAS200 NAS device, DD-WRT v24-sp2 (Linux 2.4.36), Linux 2.6.22 (Kubuntu, x86), Linux 2.6.25 (openSUSE 11.0), Linux 2.6.32, TP-LINK TL-WA801ND WAP (Linux 2.6.36)
Network Distance: 22 hops

TRACEROUTE (using port 53/tcp)
####################################################################################################################################
Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
45.88.202.111 Linux 3.X server
69.163.233.4 ps54052.dreamhostps.com Linux 14.04 server

Services
========

host           port   proto  name          state     info
----           ----   -----  ----          -----     ----
45.88.202.111  22     tcp    ssh           open      OpenSSH 7.9p1 Debian 10+deb10u1 protocol 2.0
45.88.202.111  53     tcp    domain        open      PowerDNS Authoritative Server 4.2.0-rc3
45.88.202.111  53     udp    domain        open      PowerDNS Authoritative Server 4.2.0-rc3
45.88.202.111  67     tcp    dhcps         closed
45.88.202.111  67     udp    dhcps         unknown
45.88.202.111  68     tcp    dhcpc         closed
45.88.202.111  68     udp    dhcpc         unknown
45.88.202.111  69     tcp    tftp          closed
45.88.202.111  69     udp    tftp          closed
45.88.202.111  80     tcp    http          open      nginx
45.88.202.111  88     tcp    kerberos-sec  closed
45.88.202.111  88     udp    kerberos-sec  unknown
45.88.202.111  123    tcp    ntp           closed
45.88.202.111  123    udp    ntp           closed
45.88.202.111  137    tcp    netbios-ns    closed
45.88.202.111  137    udp    netbios-ns    filtered
45.88.202.111  138    tcp    netbios-dgm   closed
45.88.202.111  138    udp    netbios-dgm   filtered
45.88.202.111  139    tcp    netbios-ssn   closed
45.88.202.111  139    udp    netbios-ssn   closed
45.88.202.111  161    tcp    snmp          closed
45.88.202.111  161    udp    snmp          closed
45.88.202.111  162    tcp    snmptrap      closed
45.88.202.111  162    udp    snmptrap      closed
45.88.202.111  179    tcp    bgp           filtered
45.88.202.111  389    tcp    ldap          closed
45.88.202.111  389    udp    ldap          unknown
45.88.202.111  443    tcp    ssl/http      open      nginx
45.88.202.111  520    tcp    efs           closed
45.88.202.111  520    udp    route         unknown
45.88.202.111  2049   tcp    nfs           closed
45.88.202.111  2049   udp    nfs           closed
45.88.202.111  10050  tcp    tcpwrapped    open
69.163.233.4   21     tcp    ftp           open      220 DreamHost FTP Server\x0d\x0a
69.163.233.4   22     tcp    ssh           open      SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
69.163.233.4   25     tcp                  open
69.163.233.4   53     tcp    domain        closed
69.163.233.4   53     udp    domain        unknown
69.163.233.4   67     tcp    dhcps         closed
69.163.233.4   67     udp    dhcps         closed
69.163.233.4   68     tcp    dhcpc         closed
69.163.233.4   68     udp    dhcpc         unknown
69.163.233.4   69     tcp    tftp          closed
69.163.233.4   69     udp    tftp          closed
69.163.233.4   88     tcp    kerberos-sec  closed
69.163.233.4   88     udp    kerberos-sec  unknown
69.163.233.4   123    tcp    ntp           closed
69.163.233.4   123    udp    ntp           unknown
69.163.233.4   137    tcp    netbios-ns    closed
69.163.233.4   137    udp    netbios-ns    closed
69.163.233.4   138    tcp    netbios-dgm   closed
69.163.233.4   138    udp    netbios-dgm   closed
69.163.233.4   139    tcp    netbios-ssn   closed
69.163.233.4   139    udp    netbios-ssn   unknown
69.163.233.4   161    tcp    snmp          closed
69.163.233.4   161    udp    snmp          closed
69.163.233.4   162    tcp    snmptrap      closed
69.163.233.4   162    udp    snmptrap      closed
69.163.233.4   389    tcp    ldap          closed
69.163.233.4   389    udp    ldap          unknown
69.163.233.4   520    tcp    efs           closed
69.163.233.4   520    udp    route         closed
69.163.233.4   2049   tcp    nfs           closed
69.163.233.4   2049   udp    nfs           unknown
##################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-16 03:09 EST
Nmap scan report for ps54052.dreamhostps.com (69.163.233.4)
Host is up (0.33s latency).
Not shown: 991 closed ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     ProFTPD
| vulscan: VulDB - https://vuldb.com:
| [138380] ProFTPD 1.3.5b mod_copy Code Execution
| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
| [75436] ProFTPD 1.3.4e/1.3.5 mod_copy File privilege escalation
| [10259] ProFTPD 1.3.4/1.3.5 mod_sftp/mod_sftp_pam kbdint.c resp_count denial of service
| [7244] ProFTPD up to 1.3.4 MKD/XMKD Command race condition
| [59589] ProFTPD up to 1.3.3 Use-After-Free memory corruption
| [4290] ProFTPD up to 1.3.3 mod_sftpd Big Payload denial of service
| [56304] ProFTPD up to 1.3.3 contrib/mod_sql.c) sql_prepare_where memory corruption
| [56042] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
| [56041] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
| [55410] ProFTPD 1.3.2/1.3.3 Telnet netio.c pr_netio_telnet_gets memory corruption
| [55403] ProFTPD 1.2.10/1.3.0/1.3.1/1.3.2/1.3.3 mod_site_misc Symlink directory traversal
| [55392] ProFTPD up to 1.3.2 pr_data_xfer denial of service
| [50631] ProFTPD 1.3.1/1.3.2/1.3.3 mod_tls unknown vulnerability
| [46500] ProFTPD 1.3.1 mod_sql_mysql sql injection
| [46499] ProFTPD 1.3.1/1.3.2/1.3.2 Rc2 mod_sql sql injection
| [44191] ProFTPD 1.3.1 FTP Command cross site request forgery
| [36309] ProFTPD 1.3.0 Rc1 mod_sql Plaintext unknown vulnerability
| [2747] ProFTPD 1.3.0/1.3.0a mod_ctrls pr_ctrls_recv_request memory corruption
| [33495] ProFTPD 1.3.0a Configuration File affected denial of service
| [2711] ProFTPD 1.3.0a mod_tls tls_x509_name_oneline memory corruption
| [2705] ProFTPD 1.3.0 main.c CommandBufferSize denial of service
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| [CVE-2009-0919] XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
| [CVE-2007-2165] The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
| [CVE-2005-0484] Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
| [CVE-2004-1602] ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0432] ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
| [CVE-2004-0346] Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
| [CVE-2003-0831] ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
| [CVE-2003-0500] SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
| [CVE-2001-1501] The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
| [CVE-2001-1500] ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
| [CVE-2001-0456] postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
| [CVE-2001-0318] Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
| [CVE-2001-0136] Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
| [CVE-2001-0027] mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
| [CVE-2000-0574] FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
| [CVE-1999-1475] ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
| [CVE-1999-0911] Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
| [CVE-1999-0368] Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [97409] ProFTPD CVE-2017-7418 Local Security Bypass Vulnerability
| [89750] ProFTPD CVE-2001-1501 Denial-Of-Service Vulnerability
| [88575] ProFTPD CVE-2001-0027 Denial-Of-Service Vulnerability
| [84378] Proftpd CVE-2008-7265 Denial-Of-Service Vulnerability
| [84329] ProFTPD Out Of Bounds Multiple Memory Corruption Vulnerabilities
| [84327] ProFTPD CVE-2016-3125 Diffie Hellman Key Exchange Security Bypass Vulnerability
| [82756] ProFTPD CVE-2003-0500 SQL-Injection Vulnerability
| [82433] GProFTPD CVE-2005-0484 Remote Security Vulnerability
| [77684] ProFTPD Heap Buffer Overflow and Denial of Service Vulnerabilities
| [74238] ProFTPD CVE-2015-3306 Information Disclosure Vulnerabilities
| [62328] ProFTPD 'mod_sftp_pam' Remote Denial of Service Vulnerability
| [57172] ProFTPD Race Condition Local Privilege Escalation Vulnerability
| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
| [46183] ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
| [45150] ProFTPD Backdoor Unauthorized Access Vulnerability
| [44933] ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
| [44562] ProFTPD Multiple Remote Vulnerabilities
| [36804] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
| [33722] ProFTPD 'mod_sql' Username SQL Injection Vulnerability
| [33650] ProFTPD Character Encoding SQL Injection Vulnerability
| [23546] ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
| [21587] ProFTPD Controls Module Local Buffer Overflow Vulnerability
| [21326] ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability
| [20992] ProFTPD SReplace Remote Buffer Overflow Vulnerability
| [16535] ProFTPD Mod_Radius Buffer Overflow Vulnerability
| [14381] ProFTPD Shutdown Message Format String Vulnerability
| [14380] ProFTPD SQLShowInfo SQL Output Format String Vulnerability
| [12588] GProFTPD GProstats Remote Format String Vulnerability
| [11430] ProFTPD Authentication Delay Username Enumeration Vulnerability
| [10252] ProFTPD CIDR Access Control Rule Bypass Vulnerability
| [9782] ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
| [8679] ProFTPD ASCII File Transfer Buffer Overrun Vulnerability
| [7974] ProFTPD SQL Injection mod_sql Vulnerability
| [6781] ProFTPD 1.2.0rc2 log_pri() Format String Vulnerability
| [6341] ProFTPD STAT Command Denial Of Service Vulnerability
| [3310] ProFTPD Client Hostname Resolving Vulnerability
| [2366] ProFTPD USER Remote Denial of Service Vulnerability
| [2185] ProFTPD SIZE Remote Denial of Service Vulnerability
| [812] ProFTPD mod_sqlpw Vulnerability
| [650] ProFTPD snprintf Vulnerability
| [612] ProFTPD Remote Buffer Overflow
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [80980] ProFTPD FTP commands symlink
| [71226] ProFTPD pool code execution
| [65207] ProFTPD mod_sftp module denial of service
| [64495] ProFTPD sql_prepare_where() buffer overflow
| [63658] ProFTPD FTP server backdoor
| [63407] mod_sql module for ProFTPD buffer overflow
| [63155] ProFTPD pr_data_xfer denial of service
| [62909] ProFTPD mod_site_misc directory traversal
| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
| [53936] ProFTPD mod_tls SSL certificate security bypass
| [48951] ProFTPD mod_sql username percent SQL injection
| [48558] ProFTPD NLS support SQL injection protection bypass
| [45274] ProFTPD URL cross-site request forgery
| [33733] ProFTPD Auth API security bypass
| [31461] ProFTPD mod_radius buffer overflow
| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
| [30147] ProFTPD sreplace() buffer overflow
| [21530] ProFTPD mod_sql format string attack
| [21528] ProFTPD shutdown message format string attack
| [19410] GProFTPD file name format string attack
| [18453] ProFTPD SITE CHGRP command allows group ownership modification
| [17724] ProFTPD could allow an attacker to obtain valid accounts
| [16038] ProFTPD CIDR entry ACL bypass
| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
| [12369] ProFTPD mod_sql SQL injection
| [12200] ProFTPD ASCII file newline buffer overflow
| [10932] ProFTPD long PASS command buffer overflow
| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
| [7818] ProFTPD ls "
| [7816] ProFTPD file globbing denial of service
| [7126] ProFTPD fails to resolve hostnames
| [6433] ProFTPD format string
| [6209] proFTPD /var symlink
| [6208] ProFTPD contains configuration error in postinst script when running as root
| [5801] proftpd memory leak when using SIZE or USER commands
| [5737] ProFTPD system using mod_sqlpw unauthorized access
|
3789| Exploit-DB - https://www.exploit-db.com:
3790| [23170] ProFTPD 1.2.7/1.2.8 ASCII File Transfer Buffer Overrun Vulnerability
3791| [22079] ProFTPD 1.2.x STAT Command Denial of Service Vulnerability
3792| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
3793| [20536] ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability
3794| [19503] ProFTPD 1.2 pre6 snprintf Vulnerability
3795| [19476] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (2)
3796| [19475] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (1)
3797| [19087] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)
3798| [19086] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)
3799| [18181] FreeBSD ftpd and ProFTPd on FreeBSD Remote r00t Exploit
3800| [16921] ProFTPD-1.3.3c Backdoor Command Execution
3801| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
3802| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
3803| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
3804| [16129] ProFTPD mod_sftp Integer Overflow DoS PoC
3805| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
3806| [15449] ProFTPD IAC Remote Root Exploit
3807| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
3808| [8037] ProFTPd with mod_mysql Authentication Bypass Vulnerability
3809| [4312] ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit
3810| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
3811| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
3812| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
3813| [3021] ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
3814| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
3815| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
3816| [581] ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
3817| [394] ProFTPd Local pr_ctrls_connect Vulnerability - ftpdctl
3818| [244] ProFTPD <= 1.2.0pre10 Remote Denial of Service Exploit
3819| [241] ProFTPD 1.2.0 (rc2) - memory leakage example Exploit
3820| [110] ProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit
3821| [107] ProFTPD 1.2.9rc2 ASCII File Remote Root Exploit
3822| [43] ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit
3823|
3824| OpenVAS (Nessus) - http://www.openvas.org:
3825| [900815] ProFTPD Server Remote Version Detection
3826| [900507] ProFTPD Server SQL Injection Vulnerability
3827| [900506] ProFTPD Server Version Detection
3828| [900133] ProFTPD Long Command Handling Security Vulnerability
3829| [863897] Fedora Update for proftpd FEDORA-2011-15765
3830| [863633] Fedora Update for proftpd FEDORA-2011-15741
3831| [863630] Fedora Update for proftpd FEDORA-2011-15740
3832| [862999] Fedora Update for proftpd FEDORA-2011-5040
3833| [862992] Fedora Update for proftpd FEDORA-2011-5033
3834| [862829] Fedora Update for proftpd FEDORA-2011-0613
3835| [862828] Fedora Update for proftpd FEDORA-2011-0610
3836| [862658] Fedora Update for proftpd FEDORA-2010-17091
3837| [862546] Fedora Update for proftpd FEDORA-2010-17220
3838| [862544] Fedora Update for proftpd FEDORA-2010-17098
3839| [861120] Fedora Update for proftpd FEDORA-2007-2613
3840| [831503] Mandriva Update for proftpd MDVSA-2011:181 (proftpd)
3841| [831323] Mandriva Update for proftpd MDVSA-2011:023 (proftpd)
3842| [831242] Mandriva Update for proftpd MDVSA-2010:227 (proftpd)
3843| [830311] Mandriva Update for proftpd MDKSA-2007:130 (proftpd)
3844| [830197] Mandriva Update for proftpd MDKA-2007:089 (proftpd)
3845| [801640] ProFTPD Denial of Service Vulnerability
3846| [801639] ProFTPD Multiple Remote Vulnerabilities
3847| [103331] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
3848| [100933] ProFTPD Backdoor Unauthorized Access Vulnerability
3849| [100316] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
3850| [71967] Slackware Advisory SSA:2012-041-04 proftpd
3851| [70586] FreeBSD Ports: proftpd, proftpd-mysql
3852| [70560] Debian Security Advisory DSA 2346-2 (proftpd-dfsg)
3853| [70559] Debian Security Advisory DSA 2346-1 (proftpd-dfsg)
3854| [69584] Slackware Advisory SSA:2011-095-01 proftpd
3855| [69327] Debian Security Advisory DSA 2191-1 (proftpd-dfsg)
3856| [69322] Debian Security Advisory DSA 2185-1 (proftpd-dfsg)
3857| [68801] Slackware Advisory SSA:2010-357-02 proftpd
3858| [68702] FreeBSD Ports: proftpd
3859| [68697] FreeBSD Ports: proftpd
3860| [68466] Slackware Advisory SSA:2010-305-03 proftpd
3861| [66585] Fedora Core 11 FEDORA-2009-13236 (proftpd)
3862| [66583] Fedora Core 12 FEDORA-2009-13250 (proftpd)
3863| [66291] Fedora Core 10 FEDORA-2009-11666 (proftpd)
3864| [66290] Fedora Core 11 FEDORA-2009-11649 (proftpd)
3865| [66205] Debian Security Advisory DSA 1925-1 (proftpd-dfsg)
3866| [66091] Mandrake Security Advisory MDVSA-2009:288 (proftpd)
3867| [64966] Fedora Core 10 FEDORA-2009-9386 (proftpd)
3868| [63630] FreeBSD Ports: proftpd, proftpd-mysql
3869| [63573] Debian Security Advisory DSA 1727-1 (proftpd-dfsg)
3870| [63558] Gentoo Security Advisory GLSA 200903-27 (proftpd)
3871| [63497] Debian Security Advisory DSA 1730-1 (proftpd-dfsg)
3872| [63128] Fedora Core 8 FEDORA-2009-0195 (proftpd)
3873| [63119] Fedora Core 10 FEDORA-2009-0089 (proftpd)
3874| [63117] Fedora Core 9 FEDORA-2009-0064 (proftpd)
3875| [63061] Debian Security Advisory DSA 1689-1 (proftpd-dfsg)
3876| [61656] FreeBSD Ports: proftpd, proftpd-mysql
3877| [58019] Gentoo Security Advisory GLSA 200702-02 (proftpd)
3878| [57939] Gentoo Security Advisory GLSA 200611-26 (proftpd)
3879| [57786] Debian Security Advisory DSA 1245-1 (proftpd)
3880| [57725] FreeBSD Ports: proftpd, proftpd-mysql
3881| [57703] Slackware Advisory SSA:2006-335-02 proftpd
3882| [57686] Debian Security Advisory DSA 1222-2 (proftpd)
3883| [57683] Debian Security Advisory DSA 1222-1 (proftpd)
3884| [57592] Debian Security Advisory DSA 1218-1 (proftpd)
3885| [57576] FreeBSD Ports: proftpd, proftpd-mysql
3886| [55234] Debian Security Advisory DSA 795-2 (proftpd)
3887| [55007] Gentoo Security Advisory GLSA 200508-02 (proftpd)
3888| [54858] Gentoo Security Advisory GLSA 200502-26 (GProFTPD)
3889| [54569] Gentoo Security Advisory GLSA 200405-09 (proftpd)
3890| [54483] FreeBSD Ports: proftpd, proftpd-mysql
3891| [53882] Slackware Advisory SSA:2003-259-02 ProFTPD Security Advisory
3892| [53794] Debian Security Advisory DSA 032-1 (proftpd)
3893| [53791] Debian Security Advisory DSA 029-1 (proftpd)
3894| [52532] FreeBSD Ports: proftpd
3895| [52464] FreeBSD Ports: proftpd
3896| [15484] proftpd < 1.2.11 remote user enumeration
3897|
3898| SecurityTracker - https://www.securitytracker.com:
3899| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
3900| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
3901| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
3902| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
3903| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
3904| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
3905| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
3906| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
3907| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
3908| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
3909| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
3910| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
3911| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
3912| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
3913|
3914| OSVDB - http://www.osvdb.org:
3915| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
3916| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
3917| [70868] ProFTPD mod_sftp Component SSH Payload DoS
3918| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
3919| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
3920| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
3921| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
3922| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
3923| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
3924| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
3925| [57310] ProFTPD Multiple Unspecified Overflows
3926| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
3927| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
3928| [57307] ProFTPD Multiple Modules Unspecified Overflows
3929| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
3930| [57305] ProFTPD src/main.c Unspecified Overflow
3931| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
3932| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
3933| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
3934| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
3935| [51849] ProFTPD Character Encoding SQL Injection
3936| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
3937| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
3938| [48411] ProFTPD FTP Command Truncation CSRF
3939| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
3940| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
3941| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
3942| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
3943| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
3944| [23063] ProFTPD mod_radius Password Overflow DoS
3945| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
3946| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
3947| [18270] ProFTPD ftpshut Shutdown Message Format String
3948| [14012] GProftpd gprostats Utility Log Parser Remote Format String
3949| [10769] ProFTPD File Transfer Newline Character Overflow
3950| [10768] ProFTPD STAT Command Remote DoS
3951| [10758] ProFTPD Login Timing Account Name Enumeration
3952| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
3953| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
3954| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
3955| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
3956| [7165] ProFTPD USER Command Memory Leak DoS
3957| [5744] ProFTPD CIDR IP Subnet ACL Bypass
3958| [5705] ProFTPD Malformed cwd Command Format String
3959| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
3960| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
3961| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
3962|_
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
3964| vulscan: VulDB - https://vuldb.com:
3965| [12724] OpenSSH up to 6.6 Fingerprint Record Check sshconnect.c verify_host_key HostCertificate weak authentication
3966|
3967| MITRE CVE - https://cve.mitre.org:
3968| [CVE-2012-5975] The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
3969| [CVE-2012-5536] A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.
3970| [CVE-2010-5107] The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
3971| [CVE-2008-1483] OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
3972| [CVE-2007-3102] Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
3973| [CVE-2004-2414] Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
3974|
3975| SecurityFocus - https://www.securityfocus.com/bid/:
3976| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
3977| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
3978| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
3979| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
3980| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
3981| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
3982| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
3983| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
3984| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
3985| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
3986| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
3987| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
3988| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
3989| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
3990| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
3991| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
3992| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
3993| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
3994| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
3995| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
3996| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
3997| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
3998| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
3999| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
4000| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
4001| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
4002| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
4003| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
4004| [75990] OpenSSH Login Handling Security Bypass Weakness
4005| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
4006| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
4007| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
4008| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
4009| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
4010| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
4011| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
4012| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
4013| [61286] OpenSSH Remote Denial of Service Vulnerability
4014| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
4015| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
4016| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
4017| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
4018| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
4019| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
4020| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
4021| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
4022| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
4023| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
4024| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
4025| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
4026| [30794] Red Hat OpenSSH Backdoor Vulnerability
4027| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
4028| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
4029| [28531] OpenSSH ForceCommand Command Execution Weakness
4030| [28444] OpenSSH X Connections Session Hijacking Vulnerability
4031| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
4032| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
4033| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
4034| [20956] OpenSSH Privilege Separation Key Signature Weakness
4035| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
4036| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
4037| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
4038| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
4039| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
4040| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
4041| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
4042| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
4043| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
4044| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
4045| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
4046| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
4047| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
4048| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
4049| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
4050| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
4051| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
4052| [6168] OpenSSH Visible Password Vulnerability
4053| [5374] OpenSSH Trojan Horse Vulnerability
4054| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
4055| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
4056| [4241] OpenSSH Channel Code Off-By-One Vulnerability
4057| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
4058| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
4059| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
4060| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
4061| [2917] OpenSSH PAM Session Evasion Vulnerability
4062| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
4063| [2356] OpenSSH Private Key Authentication Check Vulnerability
4064| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
4065| [1334] OpenSSH UseLogin Vulnerability
4066|
4067| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4068| [83258] GSI-OpenSSH auth-pam.c security bypass
4069| [82781] OpenSSH time limit denial of service
4070| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
4071| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
4072| [72756] Debian openssh-server commands information disclosure
4073| [68339] OpenSSH pam_thread buffer overflow
4074| [67264] OpenSSH ssh-keysign unauthorized access
4075| [65910] OpenSSH remote_glob function denial of service
4076| [65163] OpenSSH certificate information disclosure
4077| [64387] OpenSSH J-PAKE security bypass
4078| [63337] Cisco Unified Videoconferencing OpenSSH weak security
4079| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
4080| [45202] OpenSSH signal handler denial of service
4081| [44747] RHEL OpenSSH backdoor
4082| [44280] OpenSSH PermitRootLogin information disclosure
4083| [44279] OpenSSH sshd weak security
4084| [44037] OpenSSH sshd SELinux role unauthorized access
4085| [43940] OpenSSH X11 forwarding information disclosure
4086| [41549] OpenSSH ForceCommand directive security bypass
4087| [41438] OpenSSH sshd session hijacking
4088| [40897] OpenSSH known_hosts weak security
4089| [40587] OpenSSH username weak security
4090| [37371] OpenSSH username data manipulation
4091| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
4092| [37112] RHSA update for OpenSSH signal handler race condition not installed
4093| [37107] RHSA update for OpenSSH identical block denial of service not installed
4094| [36637] OpenSSH X11 cookie privilege escalation
4095| [35167] OpenSSH packet.c newkeys[mode] denial of service
4096| [34490] OpenSSH OPIE information disclosure
4097| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
4098| [32975] Apple Mac OS X OpenSSH denial of service
4099| [32387] RHSA-2006:0738 updates for openssh not installed
4100| [32359] RHSA-2006:0697 updates for openssh not installed
4101| [32230] RHSA-2006:0298 updates for openssh not installed
4102| [32132] RHSA-2006:0044 updates for openssh not installed
4103| [30120] OpenSSH privilege separation monitor authentication verification weakness
4104| [29255] OpenSSH GSSAPI user enumeration
4105| [29254] OpenSSH signal handler race condition
4106| [29158] OpenSSH identical block denial of service
4107| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
4108| [25116] OpenSSH OpenPAM denial of service
4109| [24305] OpenSSH SCP shell expansion command execution
4110| [22665] RHSA-2005:106 updates for openssh not installed
4111| [22117] OpenSSH GSSAPI allows elevated privileges
4112| [22115] OpenSSH GatewayPorts security bypass
4113| [20930] OpenSSH sshd.c LoginGraceTime denial of service
4114| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
4115| [17213] OpenSSH allows port bouncing attacks
4116| [16323] OpenSSH scp file overwrite
4117| [13797] OpenSSH PAM information leak
4118| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
4119| [13264] OpenSSH PAM code could allow an attacker to gain access
4120| [13215] OpenSSH buffer management errors could allow an attacker to execute code
4121| [13214] OpenSSH memory vulnerabilities
4122| [13191] OpenSSH large packet buffer overflow
4123| [12196] OpenSSH could allow an attacker to bypass login restrictions
4124| [11970] OpenSSH could allow an attacker to obtain valid administrative account
4125| [11902] OpenSSH PAM support enabled information leak
4126| [9803] OpenSSH "
4127| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
4128| [9307] OpenSSH is running on the system
4129| [9169] OpenSSH "
4130| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
4131| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
4132| [8383] OpenSSH off-by-one error in channel code
4133| [7647] OpenSSH UseLogin option arbitrary code execution
4134| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
4135| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
4136| [7179] OpenSSH source IP access control bypass
4137| [6757] OpenSSH "
4138| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
4139| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
4140| [5517] OpenSSH allows unauthorized access to resources
4141| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
4142|
4143| Exploit-DB - https://www.exploit-db.com:
4144| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
4145|
4146| OpenVAS (Nessus) - http://www.openvas.org:
4147| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
4148| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
4149| [881183] CentOS Update for openssh CESA-2012:0884 centos6
4150| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
4151| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
4152| [870763] RedHat Update for openssh RHSA-2012:0884-04
4153| [870129] RedHat Update for openssh RHSA-2008:0855-01
4154| [861813] Fedora Update for openssh FEDORA-2010-5429
4155| [861319] Fedora Update for openssh FEDORA-2007-395
4156| [861170] Fedora Update for openssh FEDORA-2007-394
4157| [861012] Fedora Update for openssh FEDORA-2007-715
4158| [840345] Ubuntu Update for openssh vulnerability USN-597-1
4159| [840300] Ubuntu Update for openssh update USN-612-5
4160| [840271] Ubuntu Update for openssh vulnerability USN-612-2
4161| [840268] Ubuntu Update for openssh update USN-612-7
4162| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
4163| [840214] Ubuntu Update for openssh vulnerability USN-566-1
4164| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
4165| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
4166| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
4167| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
4168| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
4169| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
4170| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
4171| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
4172| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
4173| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
4174| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
4175| [100584] OpenSSH X Connections Session Hijacking Vulnerability
4176| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
4177| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
4178| [65987] SLES10: Security update for OpenSSH
4179| [65819] SLES10: Security update for OpenSSH
4180| [65514] SLES9: Security update for OpenSSH
4181| [65513] SLES9: Security update for OpenSSH
4182| [65334] SLES9: Security update for OpenSSH
4183| [65248] SLES9: Security update for OpenSSH
4184| [65218] SLES9: Security update for OpenSSH
4185| [65169] SLES9: Security update for openssh,openssh-askpass
4186| [65126] SLES9: Security update for OpenSSH
4187| [65019] SLES9: Security update for OpenSSH
4188| [65015] SLES9: Security update for OpenSSH
4189| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
4190| [61639] Debian Security Advisory DSA 1638-1 (openssh)
4191| [61030] Debian Security Advisory DSA 1576-2 (openssh)
4192| [61029] Debian Security Advisory DSA 1576-1 (openssh)
4193| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
4194| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
4195| [60667] Slackware Advisory SSA:2008-095-01 openssh
4196| [59014] Slackware Advisory SSA:2007-255-01 openssh
4197| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
4198| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
4199| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
4200| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
4201| [57492] Slackware Advisory SSA:2006-272-02 openssh
4202| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
4203| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
4204| [57470] FreeBSD Ports: openssh
4205| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
4206| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
4207| [56294] Slackware Advisory SSA:2006-045-06 openssh
4208| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
4209| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
4210| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
4211| [53788] Debian Security Advisory DSA 025-1 (openssh)
4212| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
4213| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
4214| [11343] OpenSSH Client Unauthorized Remote Forwarding
4215| [10954] OpenSSH AFS/Kerberos ticket/token passing
4216| [10883] OpenSSH Channel Code Off by 1
4217| [10823] OpenSSH UseLogin Environment Variables
4218|
4219| SecurityTracker - https://www.securitytracker.com:
4220| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
4221| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
4222| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
4223| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
4224| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
4225| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
4226| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
4227| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
4228| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
4229| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
4230| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
4231| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
4232| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
4233| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
4234| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
4235| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
4236| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
4237| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
4238| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
4239| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
4240| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
4241| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
4242| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
4243| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
4244| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
4245| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
4246| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
4247| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
4248| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
4249| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
4250| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
4251| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
4252| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
4253| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
4254| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
4255| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
4256| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
4257| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
4258|
4259| OSVDB - http://www.osvdb.org:
4260| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
4261| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
4262| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
4263| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
4264| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
4265| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
4266| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
4267| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
4268| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
4269| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
4270| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
4271| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
4272| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
4273| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
4274| [56921] OpenSSH Unspecified Remote Compromise
4275| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
4276| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
4277| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
4278| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
4279| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
4280| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
4281| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
4282| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
4283| [43745] OpenSSH X11 Forwarding Local Session Hijacking
4284| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
4285| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
4286| [37315] pam_usb OpenSSH Authentication Unspecified Issue
4287| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
4288| [34601] OPIE w/ OpenSSH Account Enumeration
4289| [34600] OpenSSH S/KEY Authentication Account Enumeration
4290| [32721] OpenSSH Username Password Complexity Account Enumeration
4291| [30232] OpenSSH Privilege Separation Monitor Weakness
4292| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
4293| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
4294| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
4295| [29152] OpenSSH Identical Block Packet DoS
4296| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
4297| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
4298| [22692] OpenSSH scp Command Line Filename Processing Command Injection
4299| [20216] OpenSSH with KerberosV Remote Authentication Bypass
4300| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
4301| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
4302| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
4303| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
4304| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
4305| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
4306| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
4307| [6601] OpenSSH *realloc() Unspecified Memory Errors
4308| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
4309| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
4310| [6072] OpenSSH PAM Conversation Function Stack Modification
4311| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
4312| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
4313| [5408] OpenSSH echo simulation Information Disclosure
4314| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
4315| [4536] OpenSSH Portable AIX linker Privilege Escalation
4316| [3938] OpenSSL and OpenSSH /dev/random Check Failure
4317| [3456] OpenSSH buffer_append_space() Heap Corruption
4318| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
4319| [2140] OpenSSH w/ PAM Username Validity Timing Attack
4320| [2112] OpenSSH Reverse DNS Lookup Bypass
4321| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
4322| [1853] OpenSSH Symbolic Link 'cookies' File Removal
4323| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
4324| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
4325| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
4326| [688] OpenSSH UseLogin Environment Variable Local Command Execution
4327| [642] OpenSSH Multiple Key Type ACL Bypass
4328| [504] OpenSSH SSHv2 Public Key Authentication Bypass
4329| [341] OpenSSH UseLogin Local Privilege Escalation
4330|_
25/tcp open smtp Postfix smtpd
4332| vulscan: VulDB - https://vuldb.com:
4333| [108975] Apple macOS up to 10.13.1 Postfix unknown vulnerability
4334| [98314] PostfixAdmin up to 3.0.1 AliasHandler delete.php gen_show_status denial of service
4335| [71720] Postfix up to 2.3.0 backup.php pacrypt sql injection
4336| [12746] Postfix Admin 2.3.6 functions.inc.php sql injection
4337| [57422] Postfix memory corruption
4338| [56843] Postfix up to 2.7.2 Cleartext weak encryption
4339|
4340| MITRE CVE - https://cve.mitre.org:
4341| [CVE-2013-2852] Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
4342| [CVE-2011-1720] The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
4343| [CVE-2011-0411] The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
4344| [CVE-2010-0230] SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
4345| [CVE-2009-2939] The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
4346| [CVE-2008-4977] ** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
4347| [CVE-2008-3889] Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
4348| [CVE-2008-3646] The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
4349| [CVE-2008-2937] Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
4350| [CVE-2008-2936] Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
4351| [CVE-2007-3791] Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
4352| [CVE-2006-0213] Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
4353| [CVE-2005-1127] Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
4354| [CVE-2005-0337] Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
4355| [CVE-2004-1113] SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.
4356| [CVE-2004-1088] Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
4357| [CVE-2004-0925] Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
4358| [CVE-2003-0540] The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
4359| [CVE-2003-0468] Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
4360| [CVE-2001-0894] Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
4361|
4362| SecurityFocus - https://www.securityfocus.com/bid/:
4363| [96142] PostfixAdmin CVE-2017-5930 Session Management Security Bypass Vulnerability
4364| [90814] Postfix Admin Multiple Cross Site Request Forgery Vulnerabilities
4365| [67250] Postfix Arbitrary Content Security Bypass Vulnerability
4366| [66455] Postfix Admin 'functions.inc.php' SQL Injection Vulnerability
4367| [65184] Fail2ban Postfix Filter Remote Denial of Service Vulnerability
4368| [51680] Postfix Admin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
4369| [47778] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
4370| [36469] Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
4371| [31721] Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
4372| [30977] Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
4373| [30691] Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
4374| [13133] Salim Gasmi GLD Postfix Greylisting Daemon Format String Vulnerability
4375| [13129] Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow Vulnerability
4376| [12445] Postfix IPv6 Unauthorized Mail Relay Vulnerability
4377| [11898] SQLgrey Postfix Greylisting Service Unspecified SQL Injection Vulnerability
4378| [11633] SQLgrey Postfix Greylisting Service SQL Injection Vulnerability
4379| [11323] Apple Mac OS X Postfix Release SMTPD AUTH Username Denial Of Service Vulnerability
4380| [8362] Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability
4381| [8361] Postfix Connection Proxying Vulnerability
4382| [8333] Multiple Postfix Denial of Service Vulnerabilities
4383| [3638] SuSEConfig.postfix chroot Local DoS Attack Vulnerability
4384| [3637] SuSEConfig.postfix chroot File Ownership Vulnerability
4385| [3544] Postfix SMTP Log Denial Of Service Vulnerability
4386| [1428] cyrus With postfix and Procmail Remote Shell Expansion Vulnerabilities
4387|
4388| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4389| [72752] Postfix Admin multiple parameters SQL injection
4390| [72751] PostfixAdmin multiple parameters cross-site scripting
4391| [67359] Postfix Cyrus SASL library in the SMTP server code execution
4392| [55970] SUSE Linux Enterprise postfix security bypass
4393| [53425] Postfix in Debian and Ubuntu pid symlink
4394| [45876] Apple Mac OS X Postfix configuration file weak security
4395| [44865] Postfix file descriptor denial of service
4396| [44461] Postfix email information disclosure
4397| [44460] Postfix symlink code execution
4398| [22655] RHSA-2005:152 updates for postfix not installed
4399| [19218] Postfix IPv6 mail relay
4400| [18435] SQLgrey Postfix greylisting service SQL injection
4401| [18353] Postfix CRAM-MD5 authentication replay attack
4402| [17998] SQLgrey Postfix greylisting service SQL injection
4403| [17595] Apple Mac OS postfix SMTPD AUTH denial of service
4404| [12816] Postfix MAIL FROM or RCPT TO denial of service
4405| [12815] Postfix could be used as a distributed denial of service tool
4406| [7568] Postfix SMTP log denial of service
4407| [4905] Cyrus with postfix and procmail integration could allow remote command execution
4408|
4409| Exploit-DB - https://www.exploit-db.com:
4410| [25392] Salim Gasmi GLD 1.x Postfix Greylisting Daemon Buffer Overflow Vulnerability
4411| [22982] Postfix 1.1.x Denial of Service Vulnerabilities (2)
4412| [22981] Postfix 1.1.x Denial of Service Vulnerabilities (1)
4413| [16841] GLD (Greylisting Daemon) Postfix Buffer Overflow
4414| [10023] Salim Gasmi GLD 1.0 - 1.4 Postfix Greylisting Buffer Overflow
4415| [6472] Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
4416| [6337] Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
4417| [934] gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit
4418|
4419| OpenVAS (Nessus) - http://www.openvas.org:
4420| [902517] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
4421| [881389] CentOS Update for postfix CESA-2011:0422 centos5 x86_64
4422| [881293] CentOS Update for postfix CESA-2011:0843 centos4 x86_64
4423| [881278] CentOS Update for postfix CESA-2011:0422 centos4 x86_64
4424| [881267] CentOS Update for postfix CESA-2011:0843 centos5 x86_64
4425| [880520] CentOS Update for postfix CESA-2011:0422 centos5 i386
4426| [880509] CentOS Update for postfix CESA-2011:0843 centos5 i386
4427| [880488] CentOS Update for postfix CESA-2011:0843 centos4 i386
4428| [880485] CentOS Update for postfix CESA-2011:0422 centos4 i386
4429| [880268] CentOS Update for postfix CESA-2008:0839 centos3 i386
4430| [880023] CentOS Update for postfix CESA-2008:0839 centos3 x86_64
4431| [870658] RedHat Update for postfix RHSA-2011:0423-01
4432| [870440] RedHat Update for postfix RHSA-2011:0843-01
4433| [870418] RedHat Update for postfix RHSA-2011:0422-01
4434| [870021] RedHat Update for postfix RHSA-2008:0839-01
4435| [863100] Fedora Update for postfix FEDORA-2011-6777
4436| [863097] Fedora Update for postfix FEDORA-2011-6771
4437| [862950] Fedora Update for postfix FEDORA-2011-3394
4438| [862938] Fedora Update for postfix FEDORA-2011-3355
4439| [860510] Fedora Update for postfix FEDORA-2008-8593
4440| [860419] Fedora Update for postfix FEDORA-2008-8595
4441| [850126] SuSE Update for postfix SUSE-SA:2010:011
4442| [850031] SuSE Update for postfix SUSE-SA:2008:040
4443| [840658] Ubuntu Update for postfix USN-1131-1
4444| [840648] Ubuntu Update for postfix USN-1113-1
4445| [840227] Ubuntu Update for postfix vulnerabilities USN-642-1
4446| [840190] Ubuntu Update for postfix vulnerability USN-636-1
4447| [831400] Mandriva Update for postfix MDVSA-2011:090 (postfix)
4448| [830713] Mandriva Update for postfix MDVSA-2008:171 (postfix)
4449| [830635] Mandriva Update for postfix MDVSA-2008:190 (postfix)
4450| [830075] Mandriva Update for postfix MDKA-2007:079 (postfix)
4451| [72452] Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
4452| [71559] Gentoo Security Advisory GLSA 201206-33 (Postfix)
4453| [70744] FreeBSD Ports: postfixadmin
4454| [69770] FreeBSD Ports: postfix, postfix-base
4455| [69733] Debian Security Advisory DSA 2233-1 (postfix)
4456| [69363] FreeBSD Ports: postfix, postfix-base
4457| [66394] Mandriva Security Advisory MDVSA-2009:224-1 (postfix)
4458| [65957] SLES10: Security update for Postfix
4459| [65911] SLES10: Security update for Postfix
4460| [65353] SLES9: Security update for Postfix
4461| [65350] SLES9: Security update for postfix
4462| [64696] Mandrake Security Advisory MDVSA-2009:224 (postfix)
4463| [61646] Gentoo Security Advisory GLSA 200809-09 (postfix)
4464| [61445] Gentoo Security Advisory GLSA 200808-12 (postfix)
4465| [61435] Debian Security Advisory DSA 1629-2 (postfix)
4466| [61434] Debian Security Advisory DSA 1629-1 (postfix)
4467| [60836] FreeBSD Ports: postfix-policyd-weight
4468| [58580] Debian Security Advisory DSA 1361-1 (postfix-policyd)
4469| [53833] Debian Security Advisory DSA 093-1 (postfix)
4470| [53652] Debian Security Advisory DSA 363-1 (postfix)
4471|
4472| SecurityTracker - https://www.securitytracker.com:
4473| [1025521] Postfix SASL Authentication Heap Overflow Lets Remote Users Deny Service
4474| [1025179] Postfix Plaintext to TLS Switching Error Lets Remote Users Inject Plaintext Commands
4475| [1020800] Postfix Linux epoll File Descriptor Leak Lets Local Users Deny Service
4476| [1020700] Postfix Symlink Dereference Bug Lets Local Users Gain Elevated Privileges
4477| [1012395] Postfix CRAM-MD5 Replay Attack May Let Remote Users Send Mail
4478| [1011532] Postfix Buffer Error May Prevent Remote Users from Being Able to Authenticate Using SMTPD AUTH
4479| [1007382] Postfix Bounce Messages Let Remote Users Scan for Open Ports on Other Hosts
4480| [1007381] Postfix Address Resolver Parsing Bug Lets Remote Users Hang the System
4481| [1002756] Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
4482|
4483| OSVDB - http://www.osvdb.org:
4484| [94034] Linux Kernel Broadcom B43 Wireless Driver b43_request_firmware Function fwpostfix modprobe Parameter Format String Local Privilege Escalation
4485| [78567] Postfix Admin backup.php Unspecified SQL Injection
4486| [78566] Postfix Admin functions.inc.php pacrypt() Function Unspecified SQL Injection
4487| [78565] Postfix Admin create-domain.php Unspecified SQL Injection
4488| [78564] Postfix Admin Unspecified XSS
4489| [78563] Postfix Admin edit-alias.php Unspecified XSS
4490| [78562] Postfix Admin create-alias.php Unspecified XSS
4491| [78561] Postfix Admin create-domain.php Unspecified XSS
4492| [78560] Postfix Admin templates/edit-vacation.php domain Parameter XSS
4493| [78559] Postfix Admin templates/menu.php domain Parameter XSS
4494| [72259] Postfix SMTP Cyrus SASL Authentication Context Data Reuse Memory Corruption
4495| [71021] Postfix STARTTLS Arbitrary Plaintext Command Injection
4496| [68340] Artica postfix.events.php Unrestricted Access Information Disclosure
4497| [61983] SUSE Linux postfix Network Interface Remote Access Restriction Bypass
4498| [58325] Debian GNU/Linux postfix postfix.postinst Symlink Arbitrary File Overwrite
4499| [49634] Postfix postfix_groups.pl Multiple Temporary File Symlink Arbitrary File Overwrite
4500| [48973] Apple Mac OS X Postfix Network Access Configuration Weakness
4501| [48108] Postfix epoll File Descriptor Leak Local DoS
4502| [47659] Postfix Cross-user Filename Local Mail Interception
4503| [47658] Postfix Hardlink to Symlink Mailspool Arbitrary Content Append
4504| [43888] policyd-weight for Postfix Socket Handling Unspecified Arbitrary File Manipulation
4505| [38091] policyd for Postfix sockets.c read_w() Function SMTP Command Remote Overflow
4506| [22381] Kolab Server Secure SMTP postfix.log Authentication Credential Disclosure
4507| [13470] Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay
4508| [12339] SQLgrey Postfix greylisting service Unspecified SQL Injection
4509| [12200] Apple Mac OS X Postfix CRAM-MD5 Replay Credentials
4510| [11571] SQLgrey Postfix greylisting Email Address SQL Injection
4511| [10545] Postfix Multiple Mail Header SMTP listener DoS
4512| [10544] Postfix Malformed Envelope Address nqmgr DoS
4513| [10500] Apple Mac OS X Postfix SMTPD AUTH Username Overflow DoS
4514| [6551] Postfix Bounce Scan / Packet Amplification DDoS
4515| [1991] Postfix SMTP Log DoS
4516|_
80/tcp open http Apache httpd
4518|_http-server-header: Apache
4519| vulscan: VulDB - https://vuldb.com:
4520| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
4521| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
4522| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
4523| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
4524| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
4525| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
4526| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
4527| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
4528| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
4529| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
4530| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
4531| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
4532| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
4533| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
4534| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
4535| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
4536| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
4537| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
4538| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
4539| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
4540| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
4541| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
4542| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
4543| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
4544| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
4545| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
4546| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
4547| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
4548| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
4549| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
4550| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
4551| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
4552| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
4553| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
4554| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
4555| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
4556| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
4557| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
4558| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
4559| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
4560| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
4561| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
4562| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
4563| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
4564| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
4565| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
4566| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
4972| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
4973| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
4974| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
4975| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
4976| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
4977| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
4978| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
4979| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
4980| [107639] Apache NiFi 1.4.0 XML External Entity
4981| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
4982| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
4983| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
4984| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
4985| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
4986| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
4987| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
4988| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
4989| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
4990| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
4991| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
4992| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4993| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4994| [107197] Apache Xerces Jelly Parser XML File XML External Entity
4995| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
4996| [107084] Apache Struts up to 2.3.19 cross site scripting
4997| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
4998| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
4999| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
5000| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
5001| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
5002| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
5003| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
5004| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
5005| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
5006| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
5007| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
5008| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
5009| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
5010| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
5011| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
5012| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
5013| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
5014| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
5015| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
5016| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
5017| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
5018| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
5019| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
5020| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
5021| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
5022| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
5023| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
5024| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
5025| [105878] Apache Struts up to 2.3.24.0 privilege escalation
5026| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
5027| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
5028| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
5029| [105643] Apache Pony Mail up to 0.8b weak authentication
5030| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
5031| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
5032| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
5033| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
5034| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
5035| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
5036| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
5037| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
5038| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
5039| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
5040| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
5041| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
5042| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
5043| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
5044| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
5045| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
5046| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
5047| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
5048| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
5049| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
5050| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
5051| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
5052| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
5053| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
5054| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
5055| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
5056| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
5057| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
5058| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
5059| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
5060| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
5061| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
5062| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
5063| [103690] Apache OpenMeetings 1.0.0 sql injection
5064| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
5065| [103688] Apache OpenMeetings 1.0.0 weak encryption
5066| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
5067| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
5068| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
5069| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
5070| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
5071| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
5072| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
5073| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
5074| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
5075| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
5076| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
5077| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
5078| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
5079| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
5080| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
5081| [103352] Apache Solr Node weak authentication
5082| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
5083| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
5084| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
5085| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
5086| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
5087| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
5088| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
5089| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
5090| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
5091| [102536] Apache Ranger up to 0.6 Stored cross site scripting
5092| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
5093| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
5094| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
5095| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
5096| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
5097| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
5098| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
5099| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
5100| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
5101| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
5102| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
5103| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
5104| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
5105| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
5106| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
5107| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
5108| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
5109| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
5110| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
5111| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
5112| [99937] Apache Batik up to 1.8 privilege escalation
5113| [99936] Apache FOP up to 2.1 privilege escalation
5114| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
5115| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
5116| [99930] Apache Traffic Server up to 6.2.0 denial of service
5117| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
5118| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
5119| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
5120| [117569] Apache Hadoop up to 2.7.3 privilege escalation
5121| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
5122| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
5123| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
5124| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
5125| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
5126| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
5127| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
5128| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
5129| [99014] Apache Camel Jackson/JacksonXML privilege escalation
5130| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
5131| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
5132| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
5133| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
5134| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
5135| [98605] Apple macOS up to 10.12.3 Apache denial of service
5136| [98604] Apple macOS up to 10.12.3 Apache denial of service
5137| [98603] Apple macOS up to 10.12.3 Apache denial of service
5138| [98602] Apple macOS up to 10.12.3 Apache denial of service
5139| [98601] Apple macOS up to 10.12.3 Apache denial of service
5140| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
5141| [98405] Apache Hadoop up to 0.23.10 privilege escalation
5142| [98199] Apache Camel Validation XML External Entity
5143| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
5144| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
5145| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
5146| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
5147| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
5148| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
5149| [97081] Apache Tomcat HTTPS Request denial of service
5150| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
5151| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
5152| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
5153| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
5154| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
5155| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
5156| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
5157| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
5158| [95311] Apache Storm UI Daemon privilege escalation
5159| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
5160| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
5161| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
5162| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
5163| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
5164| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
5165| [94540] Apache Tika 1.9 tika-server File information disclosure
5166| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
5167| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
5168| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
5169| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
5170| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
5171| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
5172| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
5173| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
5174| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
5175| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
5176| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
5177| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
5178| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
5179| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
5180| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
5181| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
5182| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
5183| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
5184| [93532] Apache Commons Collections Library Java privilege escalation
5185| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
5186| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
5187| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
5188| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
5189| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
5190| [93098] Apache Commons FileUpload privilege escalation
5191| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
5192| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
5193| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
5194| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
5195| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
5196| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
5197| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
5198| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
5199| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
5200| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
5201| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
5202| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
5203| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
5204| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
5205| [92549] Apache Tomcat on Red Hat privilege escalation
5206| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
5207| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
5208| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
5209| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
5210| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
5211| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
5212| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
5213| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
5214| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
5215| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
5216| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
5217| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
5218| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
5219| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
5220| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
5221| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
5222| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
5223| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
5224| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
5225| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
5226| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
5227| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
5228| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
5229| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
5230| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
5231| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
5232| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
5233| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
5234| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
5235| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
5236| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
5237| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
5238| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
5239| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
5240| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
5241| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
5242| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
5243| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
5244| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
5245| [90263] Apache Archiva Header denial of service
5246| [90262] Apache Archiva Deserialize privilege escalation
5247| [90261] Apache Archiva XML DTD Connection privilege escalation
5248| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
5249| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
5250| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
5251| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
5252| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
5253| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
5254| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
5255| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
5256| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
5257| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
5258| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
5259| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
5260| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
5261| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
5262| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
5263| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
5264| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
5265| [87765] Apache James Server 2.3.2 Command privilege escalation
5266| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
5267| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
5268| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
5269| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
5270| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
5271| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
5272| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
5273| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
5274| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
5275| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
5276| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
5277| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
5278| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
5279| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
5280| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
5281| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
5282| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
5283| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
5284| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
5285| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
5286| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
5287| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
5288| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
5289| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
5290| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
5291| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
5292| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
5293| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
5294| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
5295| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
5296| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
5297| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
5698| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
5699| [56512] Apache Continuum up to 1.4.0 cross site scripting
5700| [4285] Apache Tomcat 5.x JVM getLocale denial of service
5701| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
5702| [4283] Apache Tomcat 5.x ServletContect privilege escalation
5703| [56441] Apache Tomcat up to 7.0.6 denial of service
5704| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
5705| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
5706| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
5707| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
5708| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
5709| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
5710| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
5711| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
5712| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
5713| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
5714| [54693] Apache Traffic Server DNS Cache unknown vulnerability
5715| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
5716| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
5717| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
5718| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
5719| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
5720| [54012] Apache Tomcat up to 6.0.10 denial of service
5721| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
5722| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
5723| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
5724| [52894] Apache Tomcat up to 6.0.7 information disclosure
5725| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
5726| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
5727| [52786] Apache Open For Business Project up to 09.04 cross site scripting
5728| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
5729| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
5730| [52584] Apache CouchDB up to 0.10.1 information disclosure
5731| [51757] Apache HTTP Server 2.0.44 cross site scripting
5732| [51756] Apache HTTP Server 2.0.44 spoofing
5733| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
5734| [51690] Apache Tomcat up to 6.0 directory traversal
5735| [51689] Apache Tomcat up to 6.0 information disclosure
5736| [51688] Apache Tomcat up to 6.0 directory traversal
5737| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
5738| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
5739| [50626] Apache Solr 1.0.0 cross site scripting
5740| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
5741| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
5742| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
5925| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
5926| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
5927| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
5928| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
5929| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
5930| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
5931| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
5932| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
5933| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
5934| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
5935| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
5936| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
5937| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5938| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
5939| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
5940| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
5941| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
5942| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
5943| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
5944| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
5945| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
5946| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
5947| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
5948| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
5949| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
5950| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
5951| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
5952| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
5953| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
5954| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
5955| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
5956| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
5957| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
5958| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
5959| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
5960| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
5961| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
5962| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5963| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5964| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
5965| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
5966| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
5967| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
5968| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
5969| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
5970| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
5971| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
5972| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
5973| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
5974| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
5975| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
5976| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
5977| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
5978| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
5979| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
5980| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
5981| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
5982| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
5983| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
5984| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
5985| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
5986| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
5987| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
5988| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
5989| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
5990| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
5991| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
5992| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
5993| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
5994| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
5995| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
5996| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
5997| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
5998| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
5999| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
6000| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
6001| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6002| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
6003| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
6004| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
6005| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
6006| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
6007| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
6008| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
6009| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
6010| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
6011| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
6012| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
6013| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
6014| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
6015| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
6016| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
6017| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6018| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
6019| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
6020| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
6021| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
6022| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
6023| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
6024| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
6025| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
6026| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
6027| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
6028| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
6029| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
6030| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
6031| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
6032| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
6033| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
6034| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
6035| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
6036| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
6037| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
6038| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
6039| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
6040| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
6041| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
6042| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
6043| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
6044| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
6045| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
6046| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
6047| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
6048| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
6049| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
6050| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
6051| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
6052| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
6053| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
6054| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
6055| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
6056| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
6057| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
6058| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6059| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
6060| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
6061| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
6062| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
6063| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
6064| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
6065| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
6066| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
6067| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
6068| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
6069| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
6070| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
6071| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
6072| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
6073| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
6074| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
6075| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
6076| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
6077| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
6078| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
6079| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
6080| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
6081| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
6082| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
6083| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
6084| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
6085| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
6086| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
6087| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
6088| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
6089| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
6090| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
6091| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
6092| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
6093| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
6094| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
6095| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
6096| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
6097| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
6098| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
6205| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
6206| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
6207| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
6208| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
6209| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
6210| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
6211| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
6212| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
6213| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6214| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
6215| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
6216| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
6217| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
6218| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
6219| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6220| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
6221| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6222| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
6223| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
6224| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6225| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
6226| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
6227| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
6228| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
6229| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
6230| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
6231| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
6232| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
6233| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6234| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
6235| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
6236| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
6237| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
6238| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
6239| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
6240| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
6241| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
6242| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
6243| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
6244| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
6245| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
6246| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
6247| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
6248| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
6249| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
6250| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
6251| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
6252| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
6253| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
6254| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
6255| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
6256| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
6257| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
6258| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
6259| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
6260| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
6261| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
6262| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
6263| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
6264| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
6265| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
6266| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
6267| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
6268| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
6269| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
6270| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
6271| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
6272| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
6273| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
6274| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
6275| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
6276| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
6277| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
6278| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
6279| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
6280| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
6281| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
6282| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
6283| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
6284| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
6285| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
6286| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
6287| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
6288| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
6289| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
6290| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
6291| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
6425| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
6426| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
6427| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
6428| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
6429| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
6430| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
6431| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
6432| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
6433| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
6434| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
6435| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
6436| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
6437| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
6438| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
6439| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
6440| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
6441| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
6442| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
6443| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
6444| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
6445| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
6446| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
6447|
6448| SecurityFocus - https://www.securityfocus.com/bid/:
6449| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
6450| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
6451| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
6452| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
6453| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
6454| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
6455| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
6456| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
6457| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
6458| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
6459| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
6460| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
6461| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
6462| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
6463| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
6464| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
6465| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
6466| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
6467| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
6468| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
6469| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
6470| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
6471| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
6472| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
6473| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
6474| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
6475| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
6476| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
6477| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
6478| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
6479| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
6480| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
6481| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
6482| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
6483| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
6484| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
6485| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
6486| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
6487| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
6488| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
6489| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
6490| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
6491| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
6492| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
6493| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
6494| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
6495| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
6496| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
6497| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
6498| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
6499| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
6500| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
6501| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
6502| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
6503| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
6504| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
6505| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
6506| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
6507| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
6508| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
6509| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
6510| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
6511| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
6512| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
6513| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
6514| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
6515| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
6516| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
6517| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
6518| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
6519| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
6520| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
6521| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
6522| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
6523| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
6524| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
6525| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
6526| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
6527| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
6528| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
6529| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
6530| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
6531| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
6532| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
6533| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
6534| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
6535| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
6536| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
6537| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
6538| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
6539| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
6540| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
6541| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
6542| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
6543| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
6544| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
6545| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
6546| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
6547| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
6548| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
6549| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
6550| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
6551| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
6552| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
6553| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
6554| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
6555| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
6556| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
6557| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
6558| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
6559| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
6560| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
6561| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
6562| [100447] Apache2Triad Multiple Security Vulnerabilities
6563| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
6564| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
6565| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
6566| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
6567| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
6568| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
6569| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
6570| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
6571| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
6572| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
6573| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
6574| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
6575| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
6576| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
6577| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
6578| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
6579| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
6580| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
6581| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
6582| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
6583| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
6584| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
6585| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
6586| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
6587| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
6588| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
6589| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
6590| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
6591| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
6592| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
6593| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
6594| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
6595| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
6596| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
6597| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
6598| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
6599| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
6600| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
6601| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
6602| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
6603| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
6604| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
6605| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
6606| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
6607| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
6608| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
6609| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
6610| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
6611| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
6612| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
6613| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
6614| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
6615| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
6616| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
6617| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
6618| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
6619| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
6620| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
6621| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
6622| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
6623| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
6624| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
6625| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
6626| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
6627| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
6628| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
6629| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
6630| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
6631| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
6632| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
6633| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
6634| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
6635| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
6636| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
6637| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
6638| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
6639| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
6640| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
6641| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
6642| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
6643| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
6644| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
6645| [95675] Apache Struts Remote Code Execution Vulnerability
6646| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
6647| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
6648| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
6649| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
6650| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
6651| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
6652| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
6653| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
6654| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
6655| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
6656| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
6657| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
6658| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
6659| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
6660| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
6661| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
6662| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
6663| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
6664| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
6665| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
6666| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
6667| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
6668| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
6669| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
6670| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
6671| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
6672| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
6673| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
6674| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
6675| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
6676| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
6677| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
6678| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
6679| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
6680| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
6681| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
6682| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
6683| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
6684| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
6685| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
6686| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
6687| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
6688| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
6689| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
6690| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
6691| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
6692| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
6693| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
6694| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
6695| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
6696| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
6697| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
6698| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
6699| [91736] Apache XML-RPC Multiple Security Vulnerabilities
6700| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
6701| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
6702| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
6703| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
6704| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
6705| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
6706| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
6707| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
6708| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
6709| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
6710| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
6711| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
6712| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
6713| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
6714| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
6715| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
6716| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
6717| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
6718| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
6719| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
6720| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
6721| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
6722| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
6723| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
6724| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
6725| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
6726| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
6727| [90482] Apache CVE-2004-1387 Local Security Vulnerability
6728| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
6729| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
6730| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
6731| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
6732| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
6733| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
6734| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
6735| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
6736| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
6737| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
6738| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
7167| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
7168| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
7169| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
7170| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
7171| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
7172| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
7173| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
7174| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
7175| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
7176| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
7177| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
7178| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
7179| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
7180| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
7181| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
7182| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
7183| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
7184| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
7185| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
7186| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
7187| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
7188| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
7189| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
7190| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
7191| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
7192| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
7193| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7194| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
7195| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
7196| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
7197| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
7198| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
7199| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
7200| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
7201| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
7202| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
7203| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
7204| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
7205| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
7206| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
7207| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
7208| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
7209| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
7210| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
7211| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
7212| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
7213| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
7214| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
7215| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
7216| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
7217| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
7218| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
7219| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
7220| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
7221| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
7222| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
7223| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
7224| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
7225| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
7226| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
7227| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
7228| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
7229| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
7230| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
7231| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
7232| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
7233| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
7234| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
7235| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
7236| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
7237| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
7238| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
7239| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
7240| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
7241| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
7242| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
7243| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
7244| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
7245| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
7246| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
7247| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
7248| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
7249| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
7250| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
7251| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
7252| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
7253| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
7254| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
7255| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
7256| [20527] Apache Mod_TCL Remote Format String Vulnerability
7257| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
7258| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
7259| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
7260| [19106] Apache Tomcat Information Disclosure Vulnerability
7261| [18138] Apache James SMTP Denial Of Service Vulnerability
7262| [17342] Apache Struts Multiple Remote Vulnerabilities
7263| [17095] Apache Log4Net Denial Of Service Vulnerability
7264| [16916] Apache mod_python FileSession Code Execution Vulnerability
7265| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
7266| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
7267| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
7268| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
7269| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
7270| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
7271| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
7272| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
7273| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
7274| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
7275| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
7276| [15177] PHP Apache 2 Local Denial of Service Vulnerability
7277| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
7278| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
7279| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
7280| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
7281| [14106] Apache HTTP Request Smuggling Vulnerability
7282| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
7283| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
7284| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
7285| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
7286| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
7287| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
7288| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
7289| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
7290| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
7291| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
7292| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
7293| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
7294| [11471] Apache mod_include Local Buffer Overflow Vulnerability
7295| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
7296| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
7297| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
7298| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
7299| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
7300| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
7301| [11094] Apache mod_ssl Denial Of Service Vulnerability
7302| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
7303| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
7304| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
7305| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
7306| [10478] ClueCentral Apache Suexec Patch Security Weakness
7307| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
7308| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
7309| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
7310| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
7311| [9921] Apache Connection Blocking Denial Of Service Vulnerability
7312| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
7313| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
7314| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
7315| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
7316| [9733] Apache Cygwin Directory Traversal Vulnerability
7317| [9599] Apache mod_php Global Variables Information Disclosure Weakness
7318| [9590] Apache-SSL Client Certificate Forging Vulnerability
7319| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
7320| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
7321| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
7322| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
7323| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
7324| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
7325| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
7326| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
7327| [8898] Red Hat Apache Directory Index Default Configuration Error
7328| [8883] Apache Cocoon Directory Traversal Vulnerability
7329| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
7330| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
7331| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
7332| [8707] Apache htpasswd Password Entropy Weakness
7333| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
7334| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
7335| [8226] Apache HTTP Server Multiple Vulnerabilities
7336| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
7337| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
7338| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
7339| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
7340| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
7341| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
7342| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
7343| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
7344| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
7345| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
7346| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
7347| [7255] Apache Web Server File Descriptor Leakage Vulnerability
7348| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
7349| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
7350| [6939] Apache Web Server ETag Header Information Disclosure Weakness
7351| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
7352| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
7353| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
7354| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
7355| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
7356| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
7357| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
7358| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
7359| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
7360| [6117] Apache mod_php File Descriptor Leakage Vulnerability
7361| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
7362| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
7363| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
7364| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
7365| [5992] Apache HTDigest Insecure Temporary File Vulnerability
7366| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
7367| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
7368| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
7369| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
7370| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
7371| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
7372| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
7373| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
7374| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
7375| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
7376| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
7377| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
7378| [5485] Apache 2.0 Path Disclosure Vulnerability
7379| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
7380| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
7381| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
7382| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
7383| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
7384| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
7385| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
7386| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
7387| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
7388| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
7389| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
7390| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
7391| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
7392| [4437] Apache Error Message Cross-Site Scripting Vulnerability
7393| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
7394| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
7395| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
7396| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
7397| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
7398| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
7399| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
7400| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
7401| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
7402| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
7403| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
7404| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
7405| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
7406| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
7407| [3596] Apache Split-Logfile File Append Vulnerability
7408| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
7409| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
7410| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
7411| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
7412| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
7413| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
7414| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
7415| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
7416| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
7417| [3169] Apache Server Address Disclosure Vulnerability
7418| [3009] Apache Possible Directory Index Disclosure Vulnerability
7419| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
7420| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
7421| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
7422| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
7423| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
7424| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
7425| [2216] Apache Web Server DoS Vulnerability
7426| [2182] Apache /tmp File Race Vulnerability
7427| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
7428| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
7429| [1821] Apache mod_cookies Buffer Overflow Vulnerability
7430| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
7431| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
7432| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
7433| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
7434| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
7435| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
7436| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
7437| [1457] Apache::ASP source.asp Example Script Vulnerability
7438| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
7439| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
7440|
7441| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7617| [67515] Apache Tomcat annotations security bypass
7618| [67480] Apache Struts s:submit information disclosure
7619| [67414] Apache APR apr_fnmatch() denial of service
7620| [67356] Apache Struts javatemplates cross-site scripting
7621| [67354] Apache Struts Xwork cross-site scripting
7622| [66676] Apache Tomcat HTTP BIO information disclosure
7623| [66675] Apache Tomcat web.xml security bypass
7624| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
7625| [66241] Apache HttpComponents information disclosure
7626| [66154] Apache Tomcat ServletSecurity security bypass
7627| [65971] Apache Tomcat ServletSecurity security bypass
7628| [65876] Apache Subversion mod_dav_svn denial of service
7629| [65343] Apache Continuum unspecified cross-site scripting
7630| [65162] Apache Tomcat NIO connector denial of service
7631| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
7632| [65160] Apache Tomcat HTML Manager interface cross-site scripting
7633| [65159] Apache Tomcat ServletContect security bypass
7634| [65050] Apache CouchDB web-based administration UI cross-site scripting
7635| [64773] Oracle HTTP Server Apache Plugin unauthorized access
7636| [64473] Apache Subversion blame -g denial of service
7637| [64472] Apache Subversion walk() denial of service
7638| [64407] Apache Axis2 CVE-2010-0219 code execution
7639| [63926] Apache Archiva password privilege escalation
7640| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
7641| [63493] Apache Archiva credentials cross-site request forgery
7642| [63477] Apache Tomcat HttpOnly session hijacking
7643| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
7644| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
7645| [62959] Apache Shiro filters security bypass
7646| [62790] Apache Perl cgi module denial of service
7647| [62576] Apache Qpid exchange denial of service
7648| [62575] Apache Qpid AMQP denial of service
7649| [62354] Apache Qpid SSL denial of service
7650| [62235] Apache APR-util apr_brigade_split_line() denial of service
7651| [62181] Apache XML-RPC SAX Parser information disclosure
7652| [61721] Apache Traffic Server cache poisoning
7653| [61202] Apache Derby BUILTIN authentication functionality information disclosure
7654| [61186] Apache CouchDB Futon cross-site request forgery
7655| [61169] Apache CXF DTD denial of service
7656| [61070] Apache Jackrabbit search.jsp SQL injection
7657| [61006] Apache SLMS Quoting cross-site request forgery
7658| [60962] Apache Tomcat time cross-site scripting
7659| [60883] Apache mod_proxy_http information disclosure
7660| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
7661| [60264] Apache Tomcat Transfer-Encoding denial of service
7662| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
7663| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
7664| [59413] Apache mod_proxy_http timeout information disclosure
7665| [59058] Apache MyFaces unencrypted view state cross-site scripting
7666| [58827] Apache Axis2 xsd file include
7667| [58790] Apache Axis2 modules cross-site scripting
7668| [58299] Apache ActiveMQ queueBrowse cross-site scripting
7669| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
7670| [58056] Apache ActiveMQ .jsp source code disclosure
7671| [58055] Apache Tomcat realm name information disclosure
7672| [58046] Apache HTTP Server mod_auth_shadow security bypass
7673| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
7674| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
7675| [57429] Apache CouchDB algorithms information disclosure
7676| [57398] Apache ActiveMQ Web console cross-site request forgery
7677| [57397] Apache ActiveMQ createDestination.action cross-site scripting
7678| [56653] Apache HTTP Server DNS spoofing
7679| [56652] Apache HTTP Server DNS cross-site scripting
7680| [56625] Apache HTTP Server request header information disclosure
7681| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
7682| [56623] Apache HTTP Server mod_proxy_ajp denial of service
7683| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
7684| [55857] Apache Tomcat WAR files directory traversal
7685| [55856] Apache Tomcat autoDeploy attribute security bypass
7686| [55855] Apache Tomcat WAR directory traversal
7687| [55210] Intuit component for Joomla! Apache information disclosure
7688| [54533] Apache Tomcat 404 error page cross-site scripting
7689| [54182] Apache Tomcat admin default password
7690| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
7691| [53666] Apache HTTP Server Solaris pollset support denial of service
7692| [53650] Apache HTTP Server HTTP basic-auth module security bypass
7693| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
7694| [53041] mod_proxy_ftp module for Apache denial of service
7695| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
7696| [51953] Apache Tomcat Path Disclosure
7697| [51952] Apache Tomcat Path Traversal
7698| [51951] Apache stronghold-status Information Disclosure
7699| [51950] Apache stronghold-info Information Disclosure
7700| [51949] Apache PHP Source Code Disclosure
7701| [51948] Apache Multiviews Attack
7702| [51946] Apache JServ Environment Status Information Disclosure
7703| [51945] Apache error_log Information Disclosure
7704| [51944] Apache Default Installation Page Pattern Found
7705| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
7706| [51942] Apache AXIS XML External Entity File Retrieval
7707| [51941] Apache AXIS Sample Servlet Information Leak
7708| [51940] Apache access_log Information Disclosure
7709| [51626] Apache mod_deflate denial of service
7710| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
7711| [51365] Apache Tomcat RequestDispatcher security bypass
7712| [51273] Apache HTTP Server Incomplete Request denial of service
7713| [51195] Apache Tomcat XML information disclosure
7714| [50994] Apache APR-util xml/apr_xml.c denial of service
7715| [50993] Apache APR-util apr_brigade_vprintf denial of service
7716| [50964] Apache APR-util apr_strmatch_precompile() denial of service
7717| [50930] Apache Tomcat j_security_check information disclosure
7718| [50928] Apache Tomcat AJP denial of service
7719| [50884] Apache HTTP Server XML ENTITY denial of service
7720| [50808] Apache HTTP Server AllowOverride privilege escalation
7721| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
7722| [50059] Apache mod_proxy_ajp information disclosure
7723| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
7724| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
7725| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
7726| [49921] Apache ActiveMQ Web interface cross-site scripting
7727| [49898] Apache Geronimo Services/Repository directory traversal
7728| [49725] Apache Tomcat mod_jk module information disclosure
7729| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
7730| [49712] Apache Struts unspecified cross-site scripting
7731| [49213] Apache Tomcat cal2.jsp cross-site scripting
7732| [48934] Apache Tomcat POST doRead method information disclosure
7733| [48211] Apache Tomcat header HTTP request smuggling
7734| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
7735| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
7736| [47709] Apache Roller "
7737| [47104] Novell Netware ApacheAdmin console security bypass
7738| [47086] Apache HTTP Server OS fingerprinting unspecified
7739| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
7740| [45791] Apache Tomcat RemoteFilterValve security bypass
7741| [44435] Oracle WebLogic Apache Connector buffer overflow
7742| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
7743| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
7744| [44156] Apache Tomcat RequestDispatcher directory traversal
7745| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
7746| [43885] Oracle WebLogic Server Apache Connector buffer overflow
7747| [42987] Apache HTTP Server mod_proxy module denial of service
7748| [42915] Apache Tomcat JSP files path disclosure
7749| [42914] Apache Tomcat MS-DOS path disclosure
7750| [42892] Apache Tomcat unspecified unauthorized access
7751| [42816] Apache Tomcat Host Manager cross-site scripting
7752| [42303] Apache 403 error cross-site scripting
7753| [41618] Apache-SSL ExpandCert() authentication bypass
7754| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
7755| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
7756| [40614] Apache mod_jk2 HTTP Host header buffer overflow
7757| [40562] Apache Geronimo init information disclosure
7758| [40478] Novell Web Manager webadmin-apache.conf security bypass
7759| [40411] Apache Tomcat exception handling information disclosure
7760| [40409] Apache Tomcat native (APR based) connector weak security
7761| [40403] Apache Tomcat quotes and %5C cookie information disclosure
7762| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
7763| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
7764| [39867] Apache HTTP Server mod_negotiation cross-site scripting
7765| [39804] Apache Tomcat SingleSignOn information disclosure
7766| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
7767| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
7768| [39608] Apache HTTP Server balancer manager cross-site request forgery
7769| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
7770| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
7771| [39472] Apache HTTP Server mod_status cross-site scripting
7772| [39201] Apache Tomcat JULI logging weak security
7773| [39158] Apache HTTP Server Windows SMB shares information disclosure
7774| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
7775| [38951] Apache::AuthCAS Perl module cookie SQL injection
7776| [38800] Apache HTTP Server 413 error page cross-site scripting
7777| [38211] Apache Geronimo SQLLoginModule authentication bypass
7778| [37243] Apache Tomcat WebDAV directory traversal
7779| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
7780| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
7781| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
7782| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
7783| [36782] Apache Geronimo MEJB unauthorized access
7784| [36586] Apache HTTP Server UTF-7 cross-site scripting
7785| [36468] Apache Geronimo LoginModule security bypass
7786| [36467] Apache Tomcat functions.jsp cross-site scripting
7787| [36402] Apache Tomcat calendar cross-site request forgery
7788| [36354] Apache HTTP Server mod_proxy module denial of service
7789| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
7790| [36336] Apache Derby lock table privilege escalation
7791| [36335] Apache Derby schema privilege escalation
7792| [36006] Apache Tomcat "
7793| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
7794| [35999] Apache Tomcat \"
7795| [35795] Apache Tomcat CookieExample cross-site scripting
7796| [35536] Apache Tomcat SendMailServlet example cross-site scripting
7797| [35384] Apache HTTP Server mod_cache module denial of service
7798| [35097] Apache HTTP Server mod_status module cross-site scripting
7799| [35095] Apache HTTP Server Prefork MPM module denial of service
7800| [34984] Apache HTTP Server recall_headers information disclosure
7801| [34966] Apache HTTP Server MPM content spoofing
7802| [34965] Apache HTTP Server MPM information disclosure
7803| [34963] Apache HTTP Server MPM multiple denial of service
7804| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
7805| [34869] Apache Tomcat JSP example Web application cross-site scripting
7806| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
7807| [34496] Apache Tomcat JK Connector security bypass
7808| [34377] Apache Tomcat hello.jsp cross-site scripting
7809| [34212] Apache Tomcat SSL configuration security bypass
7810| [34210] Apache Tomcat Accept-Language cross-site scripting
7811| [34209] Apache Tomcat calendar application cross-site scripting
7812| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
7813| [34167] Apache Axis WSDL file path disclosure
7814| [34068] Apache Tomcat AJP connector information disclosure
7815| [33584] Apache HTTP Server suEXEC privilege escalation
7816| [32988] Apache Tomcat proxy module directory traversal
7817| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
7818| [32708] Debian Apache tty privilege escalation
7819| [32441] ApacheStats extract() PHP call unspecified
7820| [32128] Apache Tomcat default account
7821| [31680] Apache Tomcat RequestParamExample cross-site scripting
7822| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
7823| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
7824| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
7825| [30456] Apache mod_auth_kerb off-by-one buffer overflow
7826| [29550] Apache mod_tcl set_var() format string
7827| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
7828| [28357] Apache HTTP Server mod_alias script source information disclosure
7829| [28063] Apache mod_rewrite off-by-one buffer overflow
7830| [27902] Apache Tomcat URL information disclosure
7831| [26786] Apache James SMTP server denial of service
7832| [25680] libapache2 /tmp/svn file upload
7833| [25614] Apache Struts lookupMap cross-site scripting
7834| [25613] Apache Struts ActionForm denial of service
7835| [25612] Apache Struts isCancelled() security bypass
7836| [24965] Apache mod_python FileSession command execution
7837| [24716] Apache James spooler memory leak denial of service
7838| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
7839| [24158] Apache Geronimo jsp-examples cross-site scripting
7840| [24030] Apache auth_ldap module multiple format strings
7841| [24008] Apache mod_ssl custom error message denial of service
7842| [24003] Apache mod_auth_pgsql module multiple syslog format strings
7843| [23612] Apache mod_imap referer field cross-site scripting
7844| [23173] Apache Struts error message cross-site scripting
7845| [22942] Apache Tomcat directory listing denial of service
7846| [22858] Apache Multi-Processing Module code allows denial of service
7847| [22602] RHSA-2005:582 updates for Apache httpd not installed
7848| [22520] Apache mod-auth-shadow "
7849| [22466] ApacheTop symlink
7850| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
7851| [22006] Apache HTTP Server byte-range filter denial of service
7852| [21567] Apache mod_ssl off-by-one buffer overflow
7853| [21195] Apache HTTP Server header HTTP request smuggling
7854| [20383] Apache HTTP Server htdigest buffer overflow
7855| [19681] Apache Tomcat AJP12 request denial of service
7856| [18993] Apache HTTP server check_forensic symlink attack
7857| [18790] Apache Tomcat Manager cross-site scripting
7858| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
7859| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
7860| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
7861| [17961] Apache Web server ServerTokens has not been set
7862| [17930] Apache HTTP Server HTTP GET request denial of service
7863| [17785] Apache mod_include module buffer overflow
7864| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
7865| [17473] Apache HTTP Server Satisfy directive allows access to resources
7866| [17413] Apache htpasswd buffer overflow
7867| [17384] Apache HTTP Server environment variable configuration file buffer overflow
7868| [17382] Apache HTTP Server IPv6 apr_util denial of service
7869| [17366] Apache HTTP Server mod_dav module LOCK denial of service
7870| [17273] Apache HTTP Server speculative mode denial of service
7871| [17200] Apache HTTP Server mod_ssl denial of service
7872| [16890] Apache HTTP Server server-info request has been detected
7873| [16889] Apache HTTP Server server-status request has been detected
7874| [16705] Apache mod_ssl format string attack
7875| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
7876| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
7877| [16230] Apache HTTP Server PHP denial of service
7878| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
7879| [15958] Apache HTTP Server authentication modules memory corruption
7880| [15547] Apache HTTP Server mod_disk_cache local information disclosure
7881| [15540] Apache HTTP Server socket starvation denial of service
7882| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
7883| [15422] Apache HTTP Server mod_access information disclosure
7884| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
7885| [15293] Apache for Cygwin "
7886| [15065] Apache-SSL has a default password
7887| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
7888| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
7889| [14751] Apache Mod_python output filter information disclosure
7890| [14125] Apache HTTP Server mod_userdir module information disclosure
7891| [14075] Apache HTTP Server mod_php file descriptor leak
7892| [13703] Apache HTTP Server account
7893| [13689] Apache HTTP Server configuration allows symlinks
7894| [13688] Apache HTTP Server configuration allows SSI
7895| [13687] Apache HTTP Server Server: header value
7896| [13685] Apache HTTP Server ServerTokens value
7897| [13684] Apache HTTP Server ServerSignature value
7898| [13672] Apache HTTP Server config allows directory autoindexing
7899| [13671] Apache HTTP Server default content
7900| [13670] Apache HTTP Server config file directive references outside content root
7901| [13668] Apache HTTP Server httpd not running in chroot environment
7902| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
7903| [13664] Apache HTTP Server config file contains ScriptAlias entry
7904| [13663] Apache HTTP Server CGI support modules loaded
7905| [13661] Apache HTTP Server config file contains AddHandler entry
7906| [13660] Apache HTTP Server 500 error page not CGI script
7907| [13659] Apache HTTP Server 413 error page not CGI script
7908| [13658] Apache HTTP Server 403 error page not CGI script
7909| [13657] Apache HTTP Server 401 error page not CGI script
7910| [13552] Apache HTTP Server mod_cgid module information disclosure
7911| [13550] Apache GET request directory traversal
7912| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
7913| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
7914| [13429] Apache Tomcat non-HTTP request denial of service
7915| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
7916| [13295] Apache weak password encryption
7917| [13254] Apache Tomcat .jsp cross-site scripting
7918| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
7919| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
7920| [12681] Apache HTTP Server mod_proxy could allow mail relaying
7921| [12662] Apache HTTP Server rotatelogs denial of service
7922| [12554] Apache Tomcat stores password in plain text
7923| [12553] Apache HTTP Server redirects and subrequests denial of service
7924| [12552] Apache HTTP Server FTP proxy server denial of service
7925| [12551] Apache HTTP Server prefork MPM denial of service
7926| [12550] Apache HTTP Server weaker than expected encryption
7927| [12549] Apache HTTP Server type-map file denial of service
7928| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
7929| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
7930| [12091] Apache HTTP Server apr_password_validate denial of service
7931| [12090] Apache HTTP Server apr_psprintf code execution
7932| [11804] Apache HTTP Server mod_access_referer denial of service
7933| [11750] Apache HTTP Server could leak sensitive file descriptors
7934| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
7935| [11703] Apache long slash path allows directory listing
7936| [11695] Apache HTTP Server LF (Line Feed) denial of service
7937| [11694] Apache HTTP Server filestat.c denial of service
7938| [11438] Apache HTTP Server MIME message boundaries information disclosure
7939| [11412] Apache HTTP Server error log terminal escape sequence injection
7940| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
7941| [11195] Apache Tomcat web.xml could be used to read files
7942| [11194] Apache Tomcat URL appended with a null character could list directories
7943| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
7944| [11126] Apache HTTP Server illegal character file disclosure
7945| [11125] Apache HTTP Server DOS device name HTTP POST code execution
7946| [11124] Apache HTTP Server DOS device name denial of service
7947| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
7948| [10938] Apache HTTP Server printenv test CGI cross-site scripting
7949| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
7950| [10575] Apache mod_php module could allow an attacker to take over the httpd process
7951| [10499] Apache HTTP Server WebDAV HTTP POST view source
7952| [10457] Apache HTTP Server mod_ssl "
7953| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
7954| [10414] Apache HTTP Server htdigest multiple buffer overflows
7955| [10413] Apache HTTP Server htdigest temporary file race condition
7956| [10412] Apache HTTP Server htpasswd temporary file race condition
7957| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
7958| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
7959| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
7960| [10280] Apache HTTP Server shared memory scorecard overwrite
7961| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
7962| [10241] Apache HTTP Server Host: header cross-site scripting
7963| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
7964| [10208] Apache HTTP Server mod_dav denial of service
7965| [10206] HP VVOS Apache mod_ssl denial of service
7966| [10200] Apache HTTP Server stderr denial of service
7967| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
7968| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
7969| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
7970| [10098] Slapper worm targets OpenSSL/Apache systems
7971| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
7972| [9875] Apache HTTP Server .var file request could disclose installation path
7973| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
7974| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
7975| [9623] Apache HTTP Server ap_log_rerror() path disclosure
7976| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
7977| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
7978| [9396] Apache Tomcat null character to threads denial of service
7979| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
7980| [9249] Apache HTTP Server chunked encoding heap buffer overflow
7981| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
7982| [8932] Apache Tomcat example class information disclosure
7983| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
7984| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
7985| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
7986| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
7987| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
7988| [8400] Apache HTTP Server mod_frontpage buffer overflows
7989| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
7990| [8308] Apache "
7991| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
7992| [8119] Apache and PHP OPTIONS request reveals "
7993| [8054] Apache is running on the system
7994| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
7995| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
7996| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
7997| [7836] Apache HTTP Server log directory denial of service
7998| [7815] Apache for Windows "
7999| [7810] Apache HTTP request could result in unexpected behavior
8000| [7599] Apache Tomcat reveals installation path
8001| [7494] Apache "
8002| [7419] Apache Web Server could allow remote attackers to overwrite .log files
8003| [7363] Apache Web Server hidden HTTP requests
8004| [7249] Apache mod_proxy denial of service
8005| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
8006| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
8007| [7059] Apache "
8008| [7057] Apache "
8009| [7056] Apache "
8010| [7055] Apache "
8011| [7054] Apache "
8012| [6997] Apache Jakarta Tomcat error message may reveal information
8013| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
8014| [6970] Apache crafted HTTP request could reveal the internal IP address
8015| [6921] Apache long slash path allows directory listing
8016| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
8017| [6527] Apache Web Server for Windows and OS2 denial of service
8018| [6316] Apache Jakarta Tomcat may reveal JSP source code
8019| [6305] Apache Jakarta Tomcat directory traversal
8020| [5926] Linux Apache symbolic link
8021| [5659] Apache Web server discloses files when used with php script
8022| [5310] Apache mod_rewrite allows attacker to view arbitrary files
8023| [5204] Apache WebDAV directory listings
8024| [5197] Apache Web server reveals CGI script source code
8025| [5160] Apache Jakarta Tomcat default installation
8026| [5099] Trustix Secure Linux installs Apache with world writable access
8027| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
8028| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
8029| [4931] Apache source.asp example file allows users to write to files
8030| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
8031| [4205] Apache Jakarta Tomcat delivers file contents
8032| [2084] Apache on Debian by default serves the /usr/doc directory
8033| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
8034| [697] Apache HTTP server beck exploit
8035| [331] Apache cookies buffer overflow
8036|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
8553| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
8554| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
8555| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
8556| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
8557| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
8558| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
8559| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
8560| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
8561| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
8562| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
8563| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
8564| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
8565| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
8566| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
8567| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
8568| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
8569| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
8570| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
8571| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
8572| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
8573| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
8574| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
8575| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
8576| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
8577| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
8578| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
8579| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
8580| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
8581| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
8582| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
8583| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
8584| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
8585| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
8586| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
8587| [1024096] Apache mod_proxy_http May Return Results for a Different Request
8588| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
8589| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
8590| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
8591| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
8592| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
8593| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
8594| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
8595| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
8596| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
8597| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
8598| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
8599| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
8600| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
8601| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
8602| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
8603| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
8604| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
8605| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
8606| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
8607| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
8608| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
8609| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
8610| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
8611| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
8612| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
8613| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
8614| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
8615| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
8616| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
8617| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
8618| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
8619| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
8620| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
8621| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
8622| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
8623| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
8624| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
8625| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
8626| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
8627| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
8628| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
8629| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
8630| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
8631| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
8632| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
8633| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
8634| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
8635| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
8636| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
8637| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
8638| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
8639| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
8640| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
8641| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
8642| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
8643| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
8644| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
8645| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
8646| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
8647| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
8648| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
8649| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
8650| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
8651| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
8652| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
8653| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
8654| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
8655| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
8656| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
8657| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
8658| [1008920] Apache mod_digest May Validate Replayed Client Responses
8659| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
8660| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
8661| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
8662| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
8663| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
8664| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
8665| [1008030] Apache mod_rewrite Contains a Buffer Overflow
8666| [1008029] Apache mod_alias Contains a Buffer Overflow
8667| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
8668| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
8669| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
8670| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
8671| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
8672| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
8673| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
8674| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
8675| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
8676| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
8677| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
8678| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
8679| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
8680| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
8681| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
8682| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
8683| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
8684| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
8685| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
8686| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
8687| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
8688| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
8689| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
8690| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
8691| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
8692| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
8693| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
8694| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
8695| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
8696| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
8697| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
8698| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
8699| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
8700| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
8701| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
8702| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
8703| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
8704| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
8705| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8706| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8707| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
8708| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
8709| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
8710| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
8711| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
8712| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
8713| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
8714| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
8715| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
8716| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
8717| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
8718| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
8719| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
8720| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
8721| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
8722| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
8723|
8724| OSVDB - http://www.osvdb.org:
8725| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
8726| [96077] Apache CloudStack Global Settings Multiple Field XSS
8727| [96076] Apache CloudStack Instances Menu Display Name Field XSS
8728| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
8729| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
8730| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
8731| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
8732| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
8733| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
8734| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
8735| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
8736| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
8737| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8738| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
8739| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
8740| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
8741| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
8742| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8743| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
8744| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
8745| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
8746| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
8747| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
8748| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
8749| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
8750| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
8751| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
8752| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
8753| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
8754| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
8755| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
8756| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
8757| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
8758| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
8759| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
8760| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
8761| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
8762| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
8763| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
8764| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
8765| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
8766| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
8767| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
8768| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
8769| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
8770| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
8771| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
8772| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
8773| [94279] Apache Qpid CA Certificate Validation Bypass
8774| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
8775| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
8776| [94042] Apache Axis JAX-WS Java Unspecified Exposure
8777| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
8778| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
8779| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
8780| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
8781| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
8782| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
8783| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
8784| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
8785| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
8786| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
8787| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
8788| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
8789| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
8790| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
8791| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
8792| [93541] Apache Solr json.wrf Callback XSS
8793| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
8794| [93521] Apache jUDDI Security API Token Session Persistence Weakness
8795| [93520] Apache CloudStack Default SSL Key Weakness
8796| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
8797| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
8798| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
8799| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
8800| [93515] Apache HBase table.jsp name Parameter XSS
8801| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
8802| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
8803| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
8804| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
8805| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
8806| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
8807| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
8808| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
8809| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
8810| [93252] Apache Tomcat FORM Authenticator Session Fixation
8811| [93172] Apache Camel camel/endpoints/ Endpoint XSS
8812| [93171] Apache Sling HtmlResponse Error Message XSS
8813| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
8814| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
8815| [93168] Apache Click ErrorReport.java id Parameter XSS
8816| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
8817| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
8818| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
8819| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
8820| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
8821| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
8822| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
8823| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
8824| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
8825| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
8826| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
8827| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
8828| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
8829| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
8830| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
8831| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
8832| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
8833| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
8834| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
8835| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
9245| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
9246| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
9247| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
9248| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
9249| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
9250| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
9251| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
9252| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
9253| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
9254| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
9255| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
9256| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
9257| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
9258| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
9259| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
9260| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
9261| [58687] Apache Axis Invalid wsdl Request XSS
9262| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
9263| [58685] Apache Velocity Template Designer Privileged Code Execution
9264| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
9265| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
9266| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
9267| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
9268| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
9269| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
9270| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
9271| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
9272| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
9273| [58667] Apache Roller Database Cleartext Passwords Disclosure
9274| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
9275| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
9276| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
9277| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
9278| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
9279| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
9280| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
9281| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
9282| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
9283| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
9284| [56984] Apache Xerces2 Java Malformed XML Input DoS
9285| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
9286| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
9287| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
9288| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
9289| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
9290| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
9291| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
9292| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
9293| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
9294| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
9295| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
9296| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
9297| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
9298| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
9299| [55056] Apache Tomcat Cross-application TLD File Manipulation
9300| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
9301| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
9302| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
9303| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
9304| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
9305| [54589] Apache Jserv Nonexistent JSP Request XSS
9306| [54122] Apache Struts s:a / s:url Tag href Element XSS
9307| [54093] Apache ActiveMQ Web Console JMS Message XSS
9308| [53932] Apache Geronimo Multiple Admin Function CSRF
9309| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
9310| [53930] Apache Geronimo /console/portal/ URI XSS
9311| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
9312| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
9313| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
9314| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
9315| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
9316| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
9317| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
9318| [53380] Apache Struts Unspecified XSS
9319| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
9320| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
9321| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
9322| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
9323| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
9324| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
9325| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
9326| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
9327| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
9328| [51151] Apache Roller Search Function q Parameter XSS
9329| [50482] PHP with Apache php_value Order Unspecified Issue
9330| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
9331| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
9332| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
9333| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
9334| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
9335| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
9336| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
9337| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
9338| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
9339| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
9340| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
9341| [47096] Oracle Weblogic Apache Connector POST Request Overflow
9342| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
9343| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
9344| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
9345| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
9346| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
9347| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
9348| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
9349| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
9350| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
9351| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
9352| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
9353| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
9354| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
9355| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
9356| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
9357| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
9358| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
9359| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
9360| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
9361| [43452] Apache Tomcat HTTP Request Smuggling
9362| [43309] Apache Geronimo LoginModule Login Method Bypass
9363| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
9364| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
9365| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
9366| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
9367| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
9368| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
9369| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
9370| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
9371| [42091] Apache Maven Site Plugin Installation Permission Weakness
9372| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
9373| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
9374| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
9375| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
9376| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
9377| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
9378| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
9379| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
9380| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
9381| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
9382| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
9383| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
9384| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
9385| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
9386| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
9387| [40262] Apache HTTP Server mod_status refresh XSS
9388| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
9389| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
9390| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
9391| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
9392| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
9393| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
9394| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
9395| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
9396| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
9397| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
9398| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
9399| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
9400| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
9401| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
9402| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
9403| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
9404| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
9405| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
9406| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
9407| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
9408| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
9409| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
9410| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
9411| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
9412| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
9413| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
9414| [36080] Apache Tomcat JSP Examples Crafted URI XSS
9415| [36079] Apache Tomcat Manager Uploaded Filename XSS
9416| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
9417| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
9418| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
9419| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
9420| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
9421| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
9422| [34881] Apache Tomcat Malformed Accept-Language Header XSS
9423| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
9424| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
9425| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
9426| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
9427| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
9428| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
9429| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
9430| [34873] Apache Stats Variable Extraction _REQUEST Superglobal Array Overwrite
9431| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
9432| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
9433| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
9434| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
9435| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
9436| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
9437| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
9438| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
9439| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
9440| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
9441| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
9442| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
9443| [32724] Apache mod_python _filter_read Freed Memory Disclosure
9444| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
9445| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
9446| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
9447| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
9448| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
9449| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
9450| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
9451| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
9452| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
9453| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
9454| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
9455| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
9456| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
9457| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
9458| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
9459| [24365] Apache Struts Multiple Function Error Message XSS
9460| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
9461| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
9462| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
9463| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
9464| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
9465| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
9466| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
9467| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
9468| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
9469| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
9470| [22459] Apache Geronimo Error Page XSS
9471| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
9472| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
9473| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
9474| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
9475| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
9476| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
9477| [21021] Apache Struts Error Message XSS
9478| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
9479| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
9480| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
9481| [20439] Apache Tomcat Directory Listing Saturation DoS
9482| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
9483| [20285] Apache HTTP Server Log File Control Character Injection
9484| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
9485| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
9486| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
9487| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
9488| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
9489| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
9490| [19821] Apache Tomcat Malformed Post Request Information Disclosure
9491| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
9492| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
9493| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
9494| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
9495| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
9496| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
9497| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
9498| [18233] Apache HTTP Server htdigest user Variable Overflow
9499| [17738] Apache HTTP Server HTTP Request Smuggling
9500| [16586] Apache HTTP Server Win32 GET Overflow DoS
9501| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
9502| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
9503| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
9504| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
9505| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
9506| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
9507| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
9508| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
9509| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
9510| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
9511| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
9512| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
9513| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
9514| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
9515| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
9516| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
9517| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
9518| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
9519| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
9520| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
9521| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
9522| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
9523| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
9524| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
9525| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
9526| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
9527| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
9528| [13304] Apache Tomcat realPath.jsp Path Disclosure
9529| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
9530| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
9531| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
9532| [12848] Apache HTTP Server htdigest realm Variable Overflow
9533| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
9534| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
9535| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
9536| [12557] Apache HTTP Server prefork MPM accept Error DoS
9537| [12233] Apache Tomcat MS-DOS Device Name Request DoS
9538| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
9539| [12231] Apache Tomcat web.xml Arbitrary File Access
9540| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
9541| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
9542| [12178] Apache Jakarta Lucene results.jsp XSS
9543| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
9544| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
9545| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
9546| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
9547| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
9548| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
9549| [10471] Apache Xerces-C++ XML Parser DoS
9550| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
9551| [10068] Apache HTTP Server htpasswd Local Overflow
9552| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
9553| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
9554| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
9555| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
9556| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
9557| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
9558| [9717] Apache HTTP Server mod_cookies Cookie Overflow
9559| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
9560| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
9561| [9714] Apache Authentication Module Threaded MPM DoS
9562| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
9563| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
9564| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
9565| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
9566| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
9567| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
9568| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
9569| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
9570| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
9571| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
9572| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
9573| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
9574| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
9575| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
9576| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
9577| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
9578| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
9579| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
9580| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
9581| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
9582| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
9583| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
9584| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
9585| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
9586| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
9587| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
9588| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
9589| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
9590| [9208] Apache Tomcat .jsp Encoded Newline XSS
9591| [9204] Apache Tomcat ROOT Application XSS
9592| [9203] Apache Tomcat examples Application XSS
9593| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
9594| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
9595| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
9596| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
9597| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
9598| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
9599| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
9600| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
9601| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
9602| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
9603| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
9604| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
9605| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
9606| [7611] Apache HTTP Server mod_alias Local Overflow
9607| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
9608| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
9609| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
9610| [6882] Apache mod_python Malformed Query String Variant DoS
9611| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
9612| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
9613| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
9614| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
9615| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
9616| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
9617| [5526] Apache Tomcat Long .JSP URI Path Disclosure
9618| [5278] Apache Tomcat web.xml Restriction Bypass
9619| [5051] Apache Tomcat Null Character DoS
9620| [4973] Apache Tomcat servlet Mapping XSS
9621| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
9622| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
9623| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
9624| [4568] mod_survey For Apache ENV Tags SQL Injection
9625| [4553] Apache HTTP Server ApacheBench Overflow DoS
9626| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
9627| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
9628| [4383] Apache HTTP Server Socket Race Condition DoS
9629| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
9630| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
9631| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
9632| [4231] Apache Cocoon Error Page Server Path Disclosure
9633| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
9634| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
9635| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
9636| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
9637| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
9638| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
9639| [3322] mod_php for Apache HTTP Server Process Hijack
9640| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
9641| [2885] Apache mod_python Malformed Query String DoS
9642| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
9643| [2733] Apache HTTP Server mod_rewrite Local Overflow
9644| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
9645| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
9646| [2149] Apache::Gallery Privilege Escalation
9647| [2107] Apache HTTP Server mod_ssl Host: Header XSS
9648| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
9649| [1833] Apache HTTP Server Multiple Slash GET Request DoS
9650| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
9651| [872] Apache Tomcat Multiple Default Accounts
9652| [862] Apache HTTP Server SSI Error Page XSS
9653| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
9654| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
9655| [845] Apache Tomcat MSDOS Device XSS
9656| [844] Apache Tomcat Java Servlet Error Page XSS
9657| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
9658| [838] Apache HTTP Server Chunked Encoding Remote Overflow
9659| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
9660| [775] Apache mod_python Module Importing Privilege Function Execution
9661| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
9662| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
9663| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
9664| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
9665| [637] Apache HTTP Server UserDir Directive Username Enumeration
9666| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
9667| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
9668| [562] Apache HTTP Server mod_info /server-info Information Disclosure
9669| [561] Apache Web Servers mod_status /server-status Information Disclosure
9670| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
9671| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
9672| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
9673| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
9674| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
9675| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
9676| [376] Apache Tomcat contextAdmin Arbitrary File Access
9677| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
9678| [222] Apache HTTP Server test-cgi Arbitrary File Access
9679| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
9680| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
9681|_
111/tcp filtered rpcbind
443/tcp open ssl/http Apache httpd
9684|_http-server-header: Apache
9685| vulscan: VulDB - https://vuldb.com:
9686| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
9687| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
9688| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
9689| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
9690| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
9691| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
9692| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
9693| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
9694| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
9695| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
9696| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
9697| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
9698| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
9699| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
9700| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
9701| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
9702| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
9703| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
9704| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
9705| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
9706| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
9707| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
9708| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
9709| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
9710| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
9711| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
9712| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
9713| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
9714| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
9715| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
9716| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
9717| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
9718| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9719| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9720| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
9721| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9722| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
9723| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
9724| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
9725| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
9726| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9727| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9728| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
9729| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
9730| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
9731| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9732| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9733| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
9734| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
9735| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9736| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9737| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
9738| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
9739| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
9740| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
9741| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
9742| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
9743| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
9744| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
9745| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
9746| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
9747| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9748| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9749| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
9750| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
9751| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9752| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
9753| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
9754| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
9755| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
9756| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
9757| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
9758| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
9759| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
9760| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
9761| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
9762| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
9763| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
9764| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
9765| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
9766| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
9767| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
9768| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
9769| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
9770| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
9771| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
9772| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
9773| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
9774| [136370] Apache Fineract up to 1.2.x sql injection
9775| [136369] Apache Fineract up to 1.2.x sql injection
9776| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
9777| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
9778| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
9779| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
9780| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
9781| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
9782| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
9783| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
9784| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
9785| [134416] Apache Sanselan 0.97-incubator Loop denial of service
9786| [134415] Apache Sanselan 0.97-incubator Hang denial of service
9787| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
9788| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
9789| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9790| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9791| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
9792| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
9793| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
9794| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
9795| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
9796| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
9797| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
9798| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
9799| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
9800| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
9801| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
9802| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
9803| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
9804| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
9805| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
9806| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
9807| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
9808| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
9809| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
9810| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
9811| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
9812| [131859] Apache Hadoop up to 2.9.1 privilege escalation
9813| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
9814| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
9815| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
9816| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
9817| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
9818| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
9819| [130629] Apache Guacamole Cookie Flag weak encryption
9820| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
9821| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
9822| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
9823| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
9824| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
9825| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
9826| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
9827| [130123] Apache Airflow up to 1.8.2 information disclosure
9828| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
9829| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
9830| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
9831| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
9832| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9833| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9834| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9835| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
9836| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
9837| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
9838| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
9839| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
9840| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9841| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
9842| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
9843| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
9844| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
9845| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
9846| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9847| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
9848| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9849| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
9850| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
9851| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
9852| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
9853| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
9854| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
9855| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
9856| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
9857| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
9858| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
9859| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
9860| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
9861| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
9862| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
9863| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
9864| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
9865| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
9866| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
9867| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
9868| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
9869| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
9870| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
9871| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
9872| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
9873| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
9874| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
9875| [127007] Apache Spark Request Code Execution
9876| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
9877| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
9878| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
9879| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
9880| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
9881| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
9882| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
9883| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
9884| [126346] Apache Tomcat Path privilege escalation
9885| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
9886| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
9887| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
9888| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
9889| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
9890| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
9891| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
9892| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
9893| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
9894| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
9895| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
9896| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9897| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
9898| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
9899| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
9900| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
9901| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
9902| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
9903| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
9904| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
9905| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
9906| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
9907| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
9908| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
9909| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
9910| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
9911| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
9912| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
9913| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
9914| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
9915| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
9916| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
9917| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
9918| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
9919| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
9920| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
9921| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
9922| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
9923| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
9924| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
9925| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
9926| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
9927| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
9928| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
9929| [123197] Apache Sentry up to 2.0.0 privilege escalation
9930| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
9931| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
9932| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
9933| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
9934| [122800] Apache Spark 1.3.0 REST API weak authentication
9935| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
9936| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
9937| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
9938| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
9939| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
9940| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
9941| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
9942| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
9943| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
9944| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
9945| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
9946| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
9947| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
9948| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
9949| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
9950| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
9951| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
9952| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
9953| [121354] Apache CouchDB HTTP API Code Execution
9954| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
9955| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
9956| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
9957| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
9958| [120168] Apache CXF weak authentication
9959| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
9960| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
9961| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
9962| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
9963| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
10375| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
10376| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
10377| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
10378| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
10379| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
10380| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
10756| [63960] Apache Maven 3.0.4 Default Configuration spoofing
10757| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
10758| [63750] Apache qpid up to 0.20 checkAvailable denial of service
10759| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
10760| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
10761| [63747] Apache Rave up to 0.20 User Account information disclosure
10762| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
10763| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
10764| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
10765| [7687] Apache CXF up to 2.7.2 Token weak authentication
10766| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10767| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10768| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
10769| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
10770| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
10771| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
10772| [63090] Apache Tomcat up to 4.1.24 denial of service
10773| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
10774| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
10775| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
10776| [62833] Apache CXF -/2.6.0 spoofing
10777| [62832] Apache Axis2 up to 1.6.2 spoofing
10778| [62831] Apache Axis up to 1.4 Java Message Service spoofing
10779| [62830] Apache Commons-httpclient 3.0 Payments spoofing
10780| [62826] Apache Libcloud up to 0.11.0 spoofing
10781| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
10782| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
10783| [62661] Apache Axis2 unknown vulnerability
10784| [62658] Apache Axis2 unknown vulnerability
10785| [62467] Apache Qpid up to 0.17 denial of service
10786| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
10787| [6301] Apache HTTP Server mod_pagespeed cross site scripting
10788| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
10789| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
10790| [62035] Apache Struts up to 2.3.4 denial of service
10791| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
10792| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
10793| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
10794| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
10795| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
10796| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
10797| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
10798| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
10799| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
10800| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
10801| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
10802| [61229] Apache Sling up to 2.1.1 denial of service
10803| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
10804| [61094] Apache Roller up to 5.0 cross site scripting
10805| [61093] Apache Roller up to 5.0 cross site request forgery
10806| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
10807| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
10808| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
10809| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
10810| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
10811| [60708] Apache Qpid 0.12 unknown vulnerability
10812| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
10813| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
10814| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
10815| [4882] Apache Wicket up to 1.5.4 directory traversal
10816| [4881] Apache Wicket up to 1.4.19 cross site scripting
10817| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
10818| [60352] Apache Struts up to 2.2.3 memory corruption
10819| [60153] Apache Portable Runtime up to 1.4.3 denial of service
10820| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
10821| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
10822| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
10823| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
10824| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
10825| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
10826| [4571] Apache Struts up to 2.3.1.2 privilege escalation
10827| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
10828| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
10829| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
10830| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
10831| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
10832| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
10833| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
10834| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
10835| [59888] Apache Tomcat up to 6.0.6 denial of service
10836| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
10837| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
10838| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
10839| [59850] Apache Geronimo up to 2.2.1 denial of service
10840| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
10841| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
10842| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
10843| [58413] Apache Tomcat up to 6.0.10 spoofing
10844| [58381] Apache Wicket up to 1.4.17 cross site scripting
10845| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
10846| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
10847| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
10848| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
10849| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10850| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
10851| [57568] Apache Archiva up to 1.3.4 cross site scripting
10852| [57567] Apache Archiva up to 1.3.4 cross site request forgery
10853| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
10854| [4355] Apache HTTP Server APR apr_fnmatch denial of service
10855| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
10856| [57425] Apache Struts up to 2.2.1.1 cross site scripting
10857| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
10858| [57025] Apache Tomcat up to 7.0.11 information disclosure
10859| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
10860| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
10861| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10862| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
10863| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
10864| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
10865| [56512] Apache Continuum up to 1.4.0 cross site scripting
10866| [4285] Apache Tomcat 5.x JVM getLocale denial of service
10867| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
10868| [4283] Apache Tomcat 5.x ServletContect privilege escalation
10869| [56441] Apache Tomcat up to 7.0.6 denial of service
10870| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
10871| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
10872| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
10873| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
10874| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
10875| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
10876| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
10877| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
10878| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
10879| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
10880| [54693] Apache Traffic Server DNS Cache unknown vulnerability
10881| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
10882| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
10883| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
10884| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
10885| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
10886| [54012] Apache Tomcat up to 6.0.10 denial of service
10887| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
10888| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
10889| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
10890| [52894] Apache Tomcat up to 6.0.7 information disclosure
10891| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
10892| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
10893| [52786] Apache Open For Business Project up to 09.04 cross site scripting
10894| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
10895| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
10896| [52584] Apache CouchDB up to 0.10.1 information disclosure
10897| [51757] Apache HTTP Server 2.0.44 cross site scripting
10898| [51756] Apache HTTP Server 2.0.44 spoofing
10899| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
10900| [51690] Apache Tomcat up to 6.0 directory traversal
10901| [51689] Apache Tomcat up to 6.0 information disclosure
10902| [51688] Apache Tomcat up to 6.0 directory traversal
10903| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
10904| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
10905| [50626] Apache Solr 1.0.0 cross site scripting
10906| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
10907| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
10908| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
10909| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
10910| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
10911| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
10912| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
10913| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
10914| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
10915| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
10916| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
10917| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
10918| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
10919| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
10920| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
10921| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
10922| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
10923| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
10924| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
10925| [47214] Apachefriends xampp 1.6.8 spoofing
10926| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
10927| [47162] Apachefriends XAMPP 1.4.4 weak authentication
10928| [47065] Apache Tomcat 4.1.23 cross site scripting
10929| [46834] Apache Tomcat up to 5.5.20 cross site scripting
10930| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
10931| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
10932| [86625] Apache Struts directory traversal
10933| [44461] Apache Tomcat up to 5.5.0 information disclosure
10934| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
10935| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
10936| [43663] Apache Tomcat up to 6.0.16 directory traversal
10937| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
10938| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
10939| [43516] Apache Tomcat up to 4.1.20 directory traversal
10940| [43509] Apache Tomcat up to 6.0.13 cross site scripting
10941| [42637] Apache Tomcat up to 6.0.16 cross site scripting
10942| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
10943| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
10944| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
10945| [40924] Apache Tomcat up to 6.0.15 information disclosure
10946| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
10947| [40922] Apache Tomcat up to 6.0 information disclosure
10948| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
10949| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
10950| [40656] Apache Tomcat 5.5.20 information disclosure
10951| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
10952| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
10953| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
10954| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
10955| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
10956| [40234] Apache Tomcat up to 6.0.15 directory traversal
10957| [40221] Apache HTTP Server 2.2.6 information disclosure
10958| [40027] David Castro Apache Authcas 0.4 sql injection
10959| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
10960| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
10961| [3414] Apache Tomcat WebDAV Stored privilege escalation
10962| [39489] Apache Jakarta Slide up to 2.1 directory traversal
10963| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
10964| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
10965| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
10966| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
10967| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
10968| [38524] Apache Geronimo 2.0 unknown vulnerability
10969| [3256] Apache Tomcat up to 6.0.13 cross site scripting
10970| [38331] Apache Tomcat 4.1.24 information disclosure
10971| [38330] Apache Tomcat 4.1.24 information disclosure
10972| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
10973| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
10974| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
10975| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
10976| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
10977| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
10978| [37292] Apache Tomcat up to 5.5.1 cross site scripting
10979| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
10980| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
10981| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
10982| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
10983| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
10984| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
10985| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
10986| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
10987| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
10988| [36225] XAMPP Apache Distribution 1.6.0a sql injection
10989| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
10990| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
10991| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
10992| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
10993| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
10994| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
10995| [34252] Apache HTTP Server denial of service
10996| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
10997| [33877] Apache Opentaps 0.9.3 cross site scripting
10998| [33876] Apache Open For Business Project unknown vulnerability
10999| [33875] Apache Open For Business Project cross site scripting
11000| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
11001| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
11002|
11003| MITRE CVE - https://cve.mitre.org:
11004| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
11005| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
11006| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
11007| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
11008| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
11009| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
11010| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
11011| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
11012| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
11013| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
11014| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
11015| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
11016| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
11017| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
11018| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
11019| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
11020| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
11021| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
11022| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
11023| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
11024| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
11025| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
11026| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
11027| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
11028| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
11029| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
11030| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
11031| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
11032| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
11033| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
11034| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
11150| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
11151| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
11152| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
11153| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
11154| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
11155| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
11156| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
11157| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
11158| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
11159| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
11160| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
11161| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
11162| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
11163| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
11164| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
11165| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
11166| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
11167| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11168| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
11169| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
11170| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
11171| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
11172| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
11173| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
11174| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
11175| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
11176| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
11177| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
11178| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
11179| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
11180| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
11181| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
11182| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
11183| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11184| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
11185| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
11186| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
11187| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
11188| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
11189| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
11190| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
11191| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
11192| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
11193| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
11194| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
11195| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
11196| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
11197| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
11198| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
11199| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
11200| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
11201| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
11202| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
11203| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
11204| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
11205| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
11206| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
11207| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
11208| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
11209| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
11210| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
11211| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
11212| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
11213| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
11214| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
11215| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
11216| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
11217| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
11218| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
11219| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
11220| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
11221| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
11222| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
11223| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
11224| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11225| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
11226| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
11227| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
11228| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
11329| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
11330| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
11331| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
11332| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
11333| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
11334| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
11335| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
11336| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
11337| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
11338| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
11339| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
11340| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
11429| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
11430| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
11431| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
11432| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
11433| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
11434| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
11435| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
11436| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
11437| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
11438| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
11439| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
11440| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
11441| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
11442| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
11443| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
11444| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
11445| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
11446| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
11447| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
11448| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
11449| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
11450| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
11451| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
11452| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
11453| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
11454| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
11455| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
11456| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
11457| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
11458| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
11459| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
11460| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
11461| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
11462| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
11463| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
11464| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
11465| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
11466| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
11467| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
11468| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
11469| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
11470| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
11471| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
11472| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
11473| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
11474| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
11475| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
11476| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
11477| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
11478| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
11479| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
11480| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
11481| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
11482| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
11483| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
11484| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
11485| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
11486| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
11487| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
11488| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
11489| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
11490| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
11491| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
11492| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
11493| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
11494| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
11495| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
11496| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
11497| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
11498| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
11499| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
11500| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
11501| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
11502| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
11503| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
11504| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
11505| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
11506| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
11507| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
11508| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
11509| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
11510| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
11511| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
11512| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
11513| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
11514| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
11515| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
11516| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
11517| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
11518| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
11519| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
11520| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
11521| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
11522| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
11523| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
11524| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
11525| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
11526| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
11527| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
11528| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
11529| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
11530| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
11531| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
11532| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
11533| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
11534| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
11535| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
11536| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
11537| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
11538| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
11539| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
11540| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
11541| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
11542| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
11543| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
11544| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
11545| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
11546| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
11547| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
11548| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
11549| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
11550| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
11551| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
11552| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
11553| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
11554| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
11555| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
11556| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
11557| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
11558| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
11559| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
11560| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
11561| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
11562| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
11563| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
11564| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
11565| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
11566| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
11567| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
11568| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
11569| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
11570| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
11571| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
11572| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
11573| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
11574| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
11575| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
11576| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
11577| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
11578| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
11579| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
11580| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
11581| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
11582| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
11583| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
11584| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
11585| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
11586| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
11587| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
11588| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
11589| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
11590| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
11591| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
11592| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
11593| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
11594| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
11595| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
11596| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
11597| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
11598| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
11599| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
11600| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
11601| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
11602| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
11603| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
11604| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
11605| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
11606| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
11607| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
11608| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
11609| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
11610| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
11611| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
11612| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
11613|
11614| SecurityFocus - https://www.securityfocus.com/bid/:
11615| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
11616| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
11617| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
11618| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
11619| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
11620| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
11621| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
11622| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
11623| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
11624| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
11625| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
11626| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
11627| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
11628| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
11629| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
11630| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
11631| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
11632| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
11633| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
11634| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
11635| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
11636| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
11637| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
11638| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
11639| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
11640| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
11641| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
11642| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
11643| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
11644| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
11645| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
11646| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
11647| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
11648| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
11649| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
11650| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
11651| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
11652| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
11653| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
11654| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
11655| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
11656| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
11657| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
11658| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
11659| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
11660| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
11661| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
11662| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
11663| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
11664| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
11665| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
11666| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
11667| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
11668| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
11669| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
11670| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
11671| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
11672| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
11673| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
11674| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
11675| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
11676| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
11677| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
11678| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
11679| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
11680| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
11681| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
11682| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
11683| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
11684| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
11685| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
11686| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
11687| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
11688| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
11689| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
11690| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
11691| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
11692| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
11693| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
11694| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
11695| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
11696| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
11697| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
11698| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
11699| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
11700| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
11701| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
11702| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
11703| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
11704| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
11705| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
11706| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
11707| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
11708| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
11709| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
11710| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
11711| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
11712| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
11713| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
11714| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
11715| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
11716| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
11717| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
11718| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
11719| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
11720| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
11721| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
11722| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
11723| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
11724| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
11725| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
11726| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
11727| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
11728| [100447] Apache2Triad Multiple Security Vulnerabilities
11729| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
11730| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
11731| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
11732| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
11733| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
11734| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
11735| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
11736| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
11737| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
11738| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
11739| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
11740| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
11741| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
11742| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
11743| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
11744| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
11745| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
11746| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
11747| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
11748| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
12178| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
12179| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
12180| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
12181| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
12182| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
12183| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
12184| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
12185| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
12186| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
12187| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
12188| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
12189| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
12190| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
12191| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
12192| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
12193| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
12194| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
12195| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
12196| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
12197| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
12198| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
12199| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
12200| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
12201| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
12202| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
12203| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
12204| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
12205| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
12206| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
12207| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
12208| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
12209| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
12210| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
12211| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
12212| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
12213| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
12214| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
12215| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
12216| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
12217| [54798] Apache Libcloud Man In The Middle Vulnerability
12218| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
12219| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
12220| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
12221| [54189] Apache Roller Cross Site Request Forgery Vulnerability
12222| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
12223| [53880] Apache CXF Child Policies Security Bypass Vulnerability
12224| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
12225| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
12226| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
12227| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
12228| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
12229| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
12230| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
12231| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
12232| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
12233| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
12234| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
12235| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
12236| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
12237| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
12238| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
12239| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
12240| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
12241| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
12242| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
12243| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
12244| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
12245| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
12246| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
12247| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
12248| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
12249| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
12250| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
12251| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
12252| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
12253| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
12254| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
12255| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
12256| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
12257| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
12258| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
12259| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
12260| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
12261| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
12262| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
12263| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
12264| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
12265| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
12266| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
12267| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
12268| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
12269| [49290] Apache Wicket Cross Site Scripting Vulnerability
12270| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
12271| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
12272| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
12273| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
12274| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
12275| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
12276| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
12277| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
12278| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
12279| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
12280| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
12281| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
12282| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
12283| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
12284| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
12285| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
12286| [46953] Apache MPM-ITK Module Security Weakness
12287| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
12288| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
12289| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
12290| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
12291| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
12292| [46166] Apache Tomcat JVM Denial of Service Vulnerability
12293| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
12294| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
12295| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
12296| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
12297| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
12298| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
12299| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
12300| [44616] Apache Shiro Directory Traversal Vulnerability
12301| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
12302| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
12303| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
12304| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
12305| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
12306| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
12307| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
12308| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
12309| [42492] Apache CXF XML DTD Processing Security Vulnerability
12310| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
12311| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
12312| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
12313| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
12314| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
12315| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
12316| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
12317| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
12318| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
12319| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
12320| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
12321| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
12322| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
12323| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
12324| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
12325| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
12326| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
12327| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
12328| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
12329| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
12330| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
12331| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
12332| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
12333| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
12334| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
12335| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
12336| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
12337| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
12338| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
12339| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
12340| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
12341| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
12342| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
12343| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
12344| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
12345| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
12346| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
12347| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
12348| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
12349| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
12350| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
12351| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
12352| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
12353| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
12354| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
12355| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
12356| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
12357| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
12358| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
12359| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
12360| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
12361| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
12362| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
12363| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
12364| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
12365| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
12366| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
12367| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
12368| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
12369| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
12370| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
12371| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
12372| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
12373| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
12374| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
12375| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
12376| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
12377| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
12378| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
12379| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
12380| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
12381| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
12382| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
12383| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
12384| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
12385| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
12386| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
12387| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
12388| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
12389| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
12390| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
12391| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
12392| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
12393| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
12394| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
12395| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
12396| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
12397| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
12398| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
12399| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
12400| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
12401| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
12402| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
12403| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
12404| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
12405| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
12406| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
12407| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
12408| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
12409| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
12410| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
12411| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
12412| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
12413| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
12414| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
12415| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
12416| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
12417| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
12418| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
12419| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
12420| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
12421| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
12422| [20527] Apache Mod_TCL Remote Format String Vulnerability
12423| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
12424| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
12425| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
12426| [19106] Apache Tomcat Information Disclosure Vulnerability
12427| [18138] Apache James SMTP Denial Of Service Vulnerability
12428| [17342] Apache Struts Multiple Remote Vulnerabilities
12429| [17095] Apache Log4Net Denial Of Service Vulnerability
12430| [16916] Apache mod_python FileSession Code Execution Vulnerability
12431| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
12432| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
12433| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
12434| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
12435| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
12436| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
12437| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
12438| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
12439| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
12440| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
12441| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
12442| [15177] PHP Apache 2 Local Denial of Service Vulnerability
12443| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
12444| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
12445| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
12446| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
12447| [14106] Apache HTTP Request Smuggling Vulnerability
12448| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
12449| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
12450| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
12451| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
12452| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
12453| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
12454| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
12455| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
12456| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
12457| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
12458| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
12459| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
12460| [11471] Apache mod_include Local Buffer Overflow Vulnerability
12461| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
12462| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
12463| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
12464| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
12465| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
12466| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
12467| [11094] Apache mod_ssl Denial Of Service Vulnerability
12468| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
12469| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
12470| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
12471| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
12472| [10478] ClueCentral Apache Suexec Patch Security Weakness
12473| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
12474| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
12475| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
12476| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
12477| [9921] Apache Connection Blocking Denial Of Service Vulnerability
12478| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
12479| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
12480| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
12481| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
12482| [9733] Apache Cygwin Directory Traversal Vulnerability
12483| [9599] Apache mod_php Global Variables Information Disclosure Weakness
12484| [9590] Apache-SSL Client Certificate Forging Vulnerability
12485| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
12486| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
12487| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
12488| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
12489| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
12490| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
12491| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
12492| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
12493| [8898] Red Hat Apache Directory Index Default Configuration Error
12494| [8883] Apache Cocoon Directory Traversal Vulnerability
12495| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
12496| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
12497| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
12498| [8707] Apache htpasswd Password Entropy Weakness
12499| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
12500| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
12501| [8226] Apache HTTP Server Multiple Vulnerabilities
12502| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
12503| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
12504| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
12505| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
12506| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
12507| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
12508| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
12509| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
12510| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
12511| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
13056| [14125] Apache HTTP Server mod_userdir module information disclosure
13057| [14075] Apache HTTP Server mod_php file descriptor leak
13058| [13703] Apache HTTP Server account
13059| [13689] Apache HTTP Server configuration allows symlinks
13060| [13688] Apache HTTP Server configuration allows SSI
13061| [13687] Apache HTTP Server Server: header value
13062| [13685] Apache HTTP Server ServerTokens value
13063| [13684] Apache HTTP Server ServerSignature value
13064| [13672] Apache HTTP Server config allows directory autoindexing
13065| [13671] Apache HTTP Server default content
13066| [13670] Apache HTTP Server config file directive references outside content root
13067| [13668] Apache HTTP Server httpd not running in chroot environment
13068| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
13069| [13664] Apache HTTP Server config file contains ScriptAlias entry
13070| [13663] Apache HTTP Server CGI support modules loaded
13071| [13661] Apache HTTP Server config file contains AddHandler entry
13072| [13660] Apache HTTP Server 500 error page not CGI script
13073| [13659] Apache HTTP Server 413 error page not CGI script
13074| [13658] Apache HTTP Server 403 error page not CGI script
13075| [13657] Apache HTTP Server 401 error page not CGI script
13076| [13552] Apache HTTP Server mod_cgid module information disclosure
13077| [13550] Apache GET request directory traversal
13078| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
13079| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
13080| [13429] Apache Tomcat non-HTTP request denial of service
13081| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
13082| [13295] Apache weak password encryption
13083| [13254] Apache Tomcat .jsp cross-site scripting
13084| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
13085| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
13086| [12681] Apache HTTP Server mod_proxy could allow mail relaying
13087| [12662] Apache HTTP Server rotatelogs denial of service
13088| [12554] Apache Tomcat stores password in plain text
13089| [12553] Apache HTTP Server redirects and subrequests denial of service
13090| [12552] Apache HTTP Server FTP proxy server denial of service
13091| [12551] Apache HTTP Server prefork MPM denial of service
13092| [12550] Apache HTTP Server weaker than expected encryption
13093| [12549] Apache HTTP Server type-map file denial of service
13094| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
13095| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
13096| [12091] Apache HTTP Server apr_password_validate denial of service
13097| [12090] Apache HTTP Server apr_psprintf code execution
13098| [11804] Apache HTTP Server mod_access_referer denial of service
13099| [11750] Apache HTTP Server could leak sensitive file descriptors
13100| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
13101| [11703] Apache long slash path allows directory listing
13102| [11695] Apache HTTP Server LF (Line Feed) denial of service
13103| [11694] Apache HTTP Server filestat.c denial of service
13104| [11438] Apache HTTP Server MIME message boundaries information disclosure
13105| [11412] Apache HTTP Server error log terminal escape sequence injection
13106| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
13107| [11195] Apache Tomcat web.xml could be used to read files
13108| [11194] Apache Tomcat URL appended with a null character could list directories
13109| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
13110| [11126] Apache HTTP Server illegal character file disclosure
13111| [11125] Apache HTTP Server DOS device name HTTP POST code execution
13112| [11124] Apache HTTP Server DOS device name denial of service
13113| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
13114| [10938] Apache HTTP Server printenv test CGI cross-site scripting
13115| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
13116| [10575] Apache mod_php module could allow an attacker to take over the httpd process
13117| [10499] Apache HTTP Server WebDAV HTTP POST view source
13118| [10457] Apache HTTP Server mod_ssl "
13119| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
13120| [10414] Apache HTTP Server htdigest multiple buffer overflows
13121| [10413] Apache HTTP Server htdigest temporary file race condition
13122| [10412] Apache HTTP Server htpasswd temporary file race condition
13123| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
13124| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
13125| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
13126| [10280] Apache HTTP Server shared memory scorecard overwrite
13127| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
13128| [10241] Apache HTTP Server Host: header cross-site scripting
13129| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
13130| [10208] Apache HTTP Server mod_dav denial of service
13131| [10206] HP VVOS Apache mod_ssl denial of service
13132| [10200] Apache HTTP Server stderr denial of service
13133| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
13134| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
13135| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
13136| [10098] Slapper worm targets OpenSSL/Apache systems
13137| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
13138| [9875] Apache HTTP Server .var file request could disclose installation path
13139| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
13140| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
13141| [9623] Apache HTTP Server ap_log_rerror() path disclosure
13142| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
13143| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
13144| [9396] Apache Tomcat null character to threads denial of service
13145| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
13146| [9249] Apache HTTP Server chunked encoding heap buffer overflow
13147| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
13148| [8932] Apache Tomcat example class information disclosure
13149| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
13150| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
13151| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
13152| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
13153| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
13154| [8400] Apache HTTP Server mod_frontpage buffer overflows
13155| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
13156| [8308] Apache "
13157| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
13158| [8119] Apache and PHP OPTIONS request reveals "
13159| [8054] Apache is running on the system
13160| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
13161| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
13162| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
13163| [7836] Apache HTTP Server log directory denial of service
13164| [7815] Apache for Windows "
13165| [7810] Apache HTTP request could result in unexpected behavior
13166| [7599] Apache Tomcat reveals installation path
13167| [7494] Apache "
13168| [7419] Apache Web Server could allow remote attackers to overwrite .log files
13169| [7363] Apache Web Server hidden HTTP requests
13170| [7249] Apache mod_proxy denial of service
13171| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
13172| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
13173| [7059] Apache "
13174| [7057] Apache "
13175| [7056] Apache "
13176| [7055] Apache "
13177| [7054] Apache "
13178| [6997] Apache Jakarta Tomcat error message may reveal information
13179| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
13180| [6970] Apache crafted HTTP request could reveal the internal IP address
13181| [6921] Apache long slash path allows directory listing
13182| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
13183| [6527] Apache Web Server for Windows and OS2 denial of service
13184| [6316] Apache Jakarta Tomcat may reveal JSP source code
13185| [6305] Apache Jakarta Tomcat directory traversal
13186| [5926] Linux Apache symbolic link
13187| [5659] Apache Web server discloses files when used with php script
13188| [5310] Apache mod_rewrite allows attacker to view arbitrary files
13189| [5204] Apache WebDAV directory listings
13190| [5197] Apache Web server reveals CGI script source code
13191| [5160] Apache Jakarta Tomcat default installation
13192| [5099] Trustix Secure Linux installs Apache with world writable access
13193| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
13194| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
13195| [4931] Apache source.asp example file allows users to write to files
13196| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
13197| [4205] Apache Jakarta Tomcat delivers file contents
13198| [2084] Apache on Debian by default serves the /usr/doc directory
13199| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
13200| [697] Apache HTTP server beck exploit
13201| [331] Apache cookies buffer overflow
13202|
13203| Exploit-DB - https://www.exploit-db.com:
13204| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
13205| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
13206| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
13207| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
13208| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
13209| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
13210| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
13211| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
13212| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
13213| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
13214| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
13215| [29859] Apache Roller OGNL Injection
13216| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
13217| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
13218| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
13219| [29290] Apache / PHP 5.x Remote Code Execution Exploit
13220| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
13221| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
13222| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
13223| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
13224| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
13225| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
13226| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
13227| [27096] Apache Geronimo 1.0 Error Page XSS
13228| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
13229| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
13230| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
13231| [25986] Plesk Apache Zeroday Remote Exploit
13232| [25980] Apache Struts includeParams Remote Code Execution
13233| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
13234| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
13235| [24874] Apache Struts ParametersInterceptor Remote Code Execution
13236| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
13237| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
13238| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
13239| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
13240| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
13241| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
13242| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
13243| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
13244| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
13245| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
13246| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
13247| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
13248| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
13249| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
13250| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
13251| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
13252| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
13253| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
13254| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
13255| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
13256| [21719] Apache 2.0 Path Disclosure Vulnerability
13257| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
13258| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
13259| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
13260| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
13261| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
13262| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
13263| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
13264| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
13265| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
13266| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
13267| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
13268| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
13269| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
13270| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
13271| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
13272| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
13273| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
13274| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
13275| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
13276| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
13277| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
13278| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
13279| [20558] Apache 1.2 Web Server DoS Vulnerability
13280| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
13281| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
13282| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
13283| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
13284| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
13285| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
13286| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
13287| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
13288| [19231] PHP apache_request_headers Function Buffer Overflow
13289| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
13290| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
13291| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
13292| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
13293| [18442] Apache httpOnly Cookie Disclosure
13294| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
13295| [18221] Apache HTTP Server Denial of Service
13296| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
13297| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
13298| [17691] Apache Struts < 2.2.0 - Remote Command Execution
13299| [16798] Apache mod_jk 1.2.20 Buffer Overflow
13300| [16782] Apache Win32 Chunked Encoding
13301| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
13302| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
13303| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
13304| [15319] Apache 2.2 (Windows) Local Denial of Service
13305| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
13306| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
13307| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
13308| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
13309| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
13310| [12330] Apache OFBiz - Multiple XSS
13311| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
13312| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
13313| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
13314| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
13315| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
13316| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
13317| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
13318| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
13319| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
13320| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
13321| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
13322| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
13323| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
13324| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
13325| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
13326| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
13327| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
13328| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
13329| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
13330| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
13331| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
13332| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
13333| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
13334| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
13335| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
13336| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
13337| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
13338| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
13339| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
13340| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
13341| [466] htpasswd Apache 1.3.31 - Local Exploit
13342| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
13343| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
13344| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
13345| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
13346| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
13347| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
13348| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
13349| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
13350| [9] Apache HTTP Server 2.x Memory Leak Exploit
13351|
13352| OpenVAS (Nessus) - http://www.openvas.org:
13353| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
13354| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
13355| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
13356| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
13357| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
13358| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
13359| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
13360| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
13361| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
13362| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
13363| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
13364| [900571] Apache APR-Utils Version Detection
13365| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
13366| [900496] Apache Tiles Multiple XSS Vulnerability
13367| [900493] Apache Tiles Version Detection
13368| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
13369| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
13370| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
13371| [870175] RedHat Update for apache RHSA-2008:0004-01
13372| [864591] Fedora Update for apache-poi FEDORA-2012-10835
13373| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
13374| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
13375| [864250] Fedora Update for apache-poi FEDORA-2012-7683
13376| [864249] Fedora Update for apache-poi FEDORA-2012-7686
13377| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
13378| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
13379| [855821] Solaris Update for Apache 1.3 122912-19
13380| [855812] Solaris Update for Apache 1.3 122911-19
13381| [855737] Solaris Update for Apache 1.3 122911-17
13382| [855731] Solaris Update for Apache 1.3 122912-17
13383| [855695] Solaris Update for Apache 1.3 122911-16
13384| [855645] Solaris Update for Apache 1.3 122912-16
13385| [855587] Solaris Update for kernel update and Apache 108529-29
13386| [855566] Solaris Update for Apache 116973-07
13387| [855531] Solaris Update for Apache 116974-07
13388| [855524] Solaris Update for Apache 2 120544-14
13389| [855494] Solaris Update for Apache 1.3 122911-15
13390| [855478] Solaris Update for Apache Security 114145-11
13391| [855472] Solaris Update for Apache Security 113146-12
13392| [855179] Solaris Update for Apache 1.3 122912-15
13393| [855147] Solaris Update for kernel update and Apache 108528-29
13394| [855077] Solaris Update for Apache 2 120543-14
13395| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
13396| [850088] SuSE Update for apache2 SUSE-SA:2007:061
13397| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
13398| [841209] Ubuntu Update for apache2 USN-1627-1
13399| [840900] Ubuntu Update for apache2 USN-1368-1
13400| [840798] Ubuntu Update for apache2 USN-1259-1
13401| [840734] Ubuntu Update for apache2 USN-1199-1
13402| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
13403| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
13404| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
13405| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
13406| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
13407| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
13408| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
13409| [835253] HP-UX Update for Apache Web Server HPSBUX02645
13410| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
13411| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
13412| [835236] HP-UX Update for Apache with PHP HPSBUX02543
13413| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
13414| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
13415| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
13416| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
13417| [835188] HP-UX Update for Apache HPSBUX02308
13418| [835181] HP-UX Update for Apache With PHP HPSBUX02332
13419| [835180] HP-UX Update for Apache with PHP HPSBUX02342
13420| [835172] HP-UX Update for Apache HPSBUX02365
13421| [835168] HP-UX Update for Apache HPSBUX02313
13422| [835148] HP-UX Update for Apache HPSBUX01064
13423| [835139] HP-UX Update for Apache with PHP HPSBUX01090
13424| [835131] HP-UX Update for Apache HPSBUX00256
13425| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
13426| [835104] HP-UX Update for Apache HPSBUX00224
13427| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
13428| [835101] HP-UX Update for Apache HPSBUX01232
13429| [835080] HP-UX Update for Apache HPSBUX02273
13430| [835078] HP-UX Update for ApacheStrong HPSBUX00255
13431| [835044] HP-UX Update for Apache HPSBUX01019
13432| [835040] HP-UX Update for Apache PHP HPSBUX00207
13433| [835025] HP-UX Update for Apache HPSBUX00197
13434| [835023] HP-UX Update for Apache HPSBUX01022
13435| [835022] HP-UX Update for Apache HPSBUX02292
13436| [835005] HP-UX Update for Apache HPSBUX02262
13437| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
13438| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
13439| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
13440| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
13441| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
13442| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
13443| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
13444| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
13445| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
13446| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
13447| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
13448| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
13449| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
13450| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
13451| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
13452| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
13453| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
13454| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
13455| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
13456| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
13457| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
13458| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
13459| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
13460| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
13461| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
13462| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
13463| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
13464| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
13465| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
13466| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
13467| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
13468| [801942] Apache Archiva Multiple Vulnerabilities
13469| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
13470| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
13471| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
13472| [801284] Apache Derby Information Disclosure Vulnerability
13473| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
13474| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
13475| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
13476| [800680] Apache APR Version Detection
13477| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
13478| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
13479| [800677] Apache Roller Version Detection
13480| [800279] Apache mod_jk Module Version Detection
13481| [800278] Apache Struts Cross Site Scripting Vulnerability
13482| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
13483| [800276] Apache Struts Version Detection
13484| [800271] Apache Struts Directory Traversal Vulnerability
13485| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
13486| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
13487| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
13488| [103122] Apache Web Server ETag Header Information Disclosure Weakness
13489| [103074] Apache Continuum Cross Site Scripting Vulnerability
13490| [103073] Apache Continuum Detection
13491| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
13492| [101023] Apache Open For Business Weak Password security check
13493| [101020] Apache Open For Business HTML injection vulnerability
13494| [101019] Apache Open For Business service detection
13495| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
13496| [100923] Apache Archiva Detection
13497| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
13498| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
13499| [100813] Apache Axis2 Detection
13500| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
13501| [100795] Apache Derby Detection
13502| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
13503| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
13504| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
13505| [100514] Apache Multiple Security Vulnerabilities
13506| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
13507| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
13508| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
13509| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
13510| [72626] Debian Security Advisory DSA 2579-1 (apache2)
13511| [72612] FreeBSD Ports: apache22
13512| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
13513| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
13514| [71512] FreeBSD Ports: apache
13515| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
13516| [71256] Debian Security Advisory DSA 2452-1 (apache2)
13517| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
13518| [70737] FreeBSD Ports: apache
13519| [70724] Debian Security Advisory DSA 2405-1 (apache2)
13520| [70600] FreeBSD Ports: apache
13521| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
13522| [70235] Debian Security Advisory DSA 2298-2 (apache2)
13523| [70233] Debian Security Advisory DSA 2298-1 (apache2)
13524| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
13525| [69338] Debian Security Advisory DSA 2202-1 (apache2)
13526| [67868] FreeBSD Ports: apache
13527| [66816] FreeBSD Ports: apache
13528| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
13529| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
13530| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
13531| [66081] SLES11: Security update for Apache 2
13532| [66074] SLES10: Security update for Apache 2
13533| [66070] SLES9: Security update for Apache 2
13534| [65998] SLES10: Security update for apache2-mod_python
13535| [65893] SLES10: Security update for Apache 2
13536| [65888] SLES10: Security update for Apache 2
13537| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
13538| [65510] SLES9: Security update for Apache 2
13539| [65472] SLES9: Security update for Apache
13540| [65467] SLES9: Security update for Apache
13541| [65450] SLES9: Security update for apache2
13542| [65390] SLES9: Security update for Apache2
13543| [65363] SLES9: Security update for Apache2
13544| [65309] SLES9: Security update for Apache and mod_ssl
13545| [65296] SLES9: Security update for webdav apache module
13546| [65283] SLES9: Security update for Apache2
13547| [65249] SLES9: Security update for Apache 2
13548| [65230] SLES9: Security update for Apache 2
13549| [65228] SLES9: Security update for Apache 2
13550| [65212] SLES9: Security update for apache2-mod_python
13551| [65209] SLES9: Security update for apache2-worker
13552| [65207] SLES9: Security update for Apache 2
13553| [65168] SLES9: Security update for apache2-mod_python
13554| [65142] SLES9: Security update for Apache2
13555| [65136] SLES9: Security update for Apache 2
13556| [65132] SLES9: Security update for apache
13557| [65131] SLES9: Security update for Apache 2 oes/CORE
13558| [65113] SLES9: Security update for apache2
13559| [65072] SLES9: Security update for apache and mod_ssl
13560| [65017] SLES9: Security update for Apache 2
13561| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
13562| [64783] FreeBSD Ports: apache
13563| [64774] Ubuntu USN-802-2 (apache2)
13564| [64653] Ubuntu USN-813-2 (apache2)
13565| [64559] Debian Security Advisory DSA 1834-2 (apache2)
13566| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
13567| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
13568| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
13569| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
13570| [64443] Ubuntu USN-802-1 (apache2)
13571| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
13572| [64423] Debian Security Advisory DSA 1834-1 (apache2)
13573| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
13574| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
13575| [64251] Debian Security Advisory DSA 1816-1 (apache2)
13576| [64201] Ubuntu USN-787-1 (apache2)
13577| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
13578| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
13579| [63565] FreeBSD Ports: apache
13580| [63562] Ubuntu USN-731-1 (apache2)
13581| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
13582| [61185] FreeBSD Ports: apache
13583| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
13584| [60387] Slackware Advisory SSA:2008-045-02 apache
13585| [58826] FreeBSD Ports: apache-tomcat
13586| [58825] FreeBSD Ports: apache-tomcat
13587| [58804] FreeBSD Ports: apache
13588| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
13589| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
13590| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
13591| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
13592| [57335] Debian Security Advisory DSA 1167-1 (apache)
13593| [57201] Debian Security Advisory DSA 1131-1 (apache)
13594| [57200] Debian Security Advisory DSA 1132-1 (apache2)
13595| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
13596| [57145] FreeBSD Ports: apache
13597| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
13598| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
13599| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
13600| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
13601| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
13602| [56067] FreeBSD Ports: apache
13603| [55803] Slackware Advisory SSA:2005-310-04 apache
13604| [55519] Debian Security Advisory DSA 839-1 (apachetop)
13605| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
13606| [55355] FreeBSD Ports: apache
13607| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
13608| [55261] Debian Security Advisory DSA 805-1 (apache2)
13609| [55259] Debian Security Advisory DSA 803-1 (apache)
13610| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
13611| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
13612| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
13613| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
13614| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
13615| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
13616| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
13617| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
13618| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
13619| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
13620| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
13621| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
13622| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
13623| [54439] FreeBSD Ports: apache
13624| [53931] Slackware Advisory SSA:2004-133-01 apache
13625| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
13626| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
13627| [53878] Slackware Advisory SSA:2003-308-01 apache security update
13628| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
13629| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
13630| [53848] Debian Security Advisory DSA 131-1 (apache)
13631| [53784] Debian Security Advisory DSA 021-1 (apache)
13632| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
13633| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
13634| [53735] Debian Security Advisory DSA 187-1 (apache)
13635| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
13636| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
13637| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
13638| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
13639| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
13640| [53282] Debian Security Advisory DSA 594-1 (apache)
13641| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
13642| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
13643| [53215] Debian Security Advisory DSA 525-1 (apache)
13644| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
13645| [52529] FreeBSD Ports: apache+ssl
13646| [52501] FreeBSD Ports: apache
13647| [52461] FreeBSD Ports: apache
13648| [52390] FreeBSD Ports: apache
13649| [52389] FreeBSD Ports: apache
13650| [52388] FreeBSD Ports: apache
13651| [52383] FreeBSD Ports: apache
13652| [52339] FreeBSD Ports: apache+mod_ssl
13653| [52331] FreeBSD Ports: apache
13654| [52329] FreeBSD Ports: ru-apache+mod_ssl
13655| [52314] FreeBSD Ports: apache
13656| [52310] FreeBSD Ports: apache
13657| [15588] Detect Apache HTTPS
13658| [15555] Apache mod_proxy content-length buffer overflow
13659| [15554] Apache mod_include priviledge escalation
13660| [14771] Apache <= 1.3.33 htpasswd local overflow
13661| [14177] Apache mod_access rule bypass
13662| [13644] Apache mod_rootme Backdoor
13663| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
13664| [12280] Apache Connection Blocking Denial of Service
13665| [12239] Apache Error Log Escape Sequence Injection
13666| [12123] Apache Tomcat source.jsp malformed request information disclosure
13667| [12085] Apache Tomcat servlet/JSP container default files
13668| [11438] Apache Tomcat Directory Listing and File disclosure
13669| [11204] Apache Tomcat Default Accounts
13670| [11092] Apache 2.0.39 Win32 directory traversal
13671| [11046] Apache Tomcat TroubleShooter Servlet Installed
13672| [11042] Apache Tomcat DOS Device Name XSS
13673| [11041] Apache Tomcat /servlet Cross Site Scripting
13674| [10938] Apache Remote Command Execution via .bat files
13675| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
13676| [10773] MacOS X Finder reveals contents of Apache Web files
13677| [10766] Apache UserDir Sensitive Information Disclosure
13678| [10756] MacOS X Finder reveals contents of Apache Web directories
13679| [10752] Apache Auth Module SQL Insertion Attack
13680| [10704] Apache Directory Listing
13681| [10678] Apache /server-info accessible
13682| [10677] Apache /server-status accessible
13683| [10440] Check for Apache Multiple / vulnerability
13684|
13685| SecurityTracker - https://www.securitytracker.com:
13686| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
13687| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
13688| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
13689| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
13690| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13691| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13692| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13693| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
13694| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
13695| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
13696| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13697| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
13698| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
13699| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
13700| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
13701| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
13702| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
13703| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
13704| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
13705| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
13706| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
13707| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
13708| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
13709| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13710| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
13711| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13712| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13713| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
13714| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
13715| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
13716| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
13717| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
13718| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
13719| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
13720| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
13721| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
13722| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
13723| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
13724| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
13725| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
13726| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
13727| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
13728| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
13729| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
13730| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
13731| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
13732| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13733| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
13734| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
13735| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
13736| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
13737| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
13738| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
13739| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
13740| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
13741| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
13742| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
13743| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
13744| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
13745| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
13746| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
13747| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
13748| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
13749| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
13750| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
13751| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
13752| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
13753| [1024096] Apache mod_proxy_http May Return Results for a Different Request
13754| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
13755| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
13756| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
13757| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
13758| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
13759| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
13760| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
13761| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
13762| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
13763| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
13764| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
13765| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
13766| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
13767| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13768| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
13769| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
13770| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
13771| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
13772| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
13773| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13774| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
13775| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
13776| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
13777| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
13778| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
13779| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
13780| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
13781| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
13782| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
13783| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
13784| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
13785| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
13786| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
13787| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
13788| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
13789| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
13790| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
13791| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
13792| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
13793| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
13794| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
13795| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
13796| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
13797| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
13798| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
13799| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
13800| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
13801| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
13802| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
13803| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
13804| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
13805| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
13806| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
13807| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
13808| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
13809| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
13810| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
13811| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
13812| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
13813| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
13814| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
13815| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
13816| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
13817| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
13818| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
13819| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
13820| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
13821| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
13822| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
13823| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
13824| [1008920] Apache mod_digest May Validate Replayed Client Responses
13825| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
13826| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
13827| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
13828| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
13829| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
13830| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
13831| [1008030] Apache mod_rewrite Contains a Buffer Overflow
13832| [1008029] Apache mod_alias Contains a Buffer Overflow
13833| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
13834| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
13835| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
13836| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
13837| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
13838| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
13839| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
13840| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
13841| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
13842| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
13843| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
13844| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
13845| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
13846| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
13847| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
13848| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
13849| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
13850| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
13851| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
13852| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
13853| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
13854| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
14229| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
14230| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
14231| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
14232| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
14233| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
14234| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
14235| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
14236| [65054] Apache ActiveMQ Jetty Error Handler XSS
14237| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
14238| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
14239| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
14240| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
14241| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
14242| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
14243| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
14244| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
14245| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
14607| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
14608| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
14609| [32724] Apache mod_python _filter_read Freed Memory Disclosure
14610| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
14611| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
14612| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
14613| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
14614| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
14615| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
14616| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
14617| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
14618| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
14619| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
14620| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
14621| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
14622| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
14623| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
14624| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
14625| [24365] Apache Struts Multiple Function Error Message XSS
14626| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
14627| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
14628| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
14629| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
14630| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
14631| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
14632| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
14633| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
14634| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
14635| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
14636| [22459] Apache Geronimo Error Page XSS
14637| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
14638| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
14639| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
14640| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
14641| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
14642| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
14643| [21021] Apache Struts Error Message XSS
14644| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
14645| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
14646| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
14647| [20439] Apache Tomcat Directory Listing Saturation DoS
14648| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
14649| [20285] Apache HTTP Server Log File Control Character Injection
14650| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
14651| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
14652| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
14653| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
14654| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
14655| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
14656| [19821] Apache Tomcat Malformed Post Request Information Disclosure
14657| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
14658| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
14659| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
14660| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
14661| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
14662| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
14663| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
14664| [18233] Apache HTTP Server htdigest user Variable Overfow
14665| [17738] Apache HTTP Server HTTP Request Smuggling
14666| [16586] Apache HTTP Server Win32 GET Overflow DoS
14667| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
14668| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
14669| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
14670| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
14671| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
14672| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
14673| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
14674| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
14675| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
14676| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
14677| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
14678| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
14679| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
14680| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
14681| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
14682| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
14683| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
14684| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
14685| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
14686| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
14687| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
14688| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
14689| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
14690| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
14691| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
14692| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
14693| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
14694| [13304] Apache Tomcat realPath.jsp Path Disclosure
14695| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
14696| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
14697| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
14698| [12848] Apache HTTP Server htdigest realm Variable Overflow
14699| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
14700| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
14701| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
14702| [12557] Apache HTTP Server prefork MPM accept Error DoS
14703| [12233] Apache Tomcat MS-DOS Device Name Request DoS
14704| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
14705| [12231] Apache Tomcat web.xml Arbitrary File Access
14706| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
14707| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
14708| [12178] Apache Jakarta Lucene results.jsp XSS
14709| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
14710| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
14711| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
14712| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
14713| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
14714| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
14715| [10471] Apache Xerces-C++ XML Parser DoS
14716| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
14717| [10068] Apache HTTP Server htpasswd Local Overflow
14718| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
14719| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
14720| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
14721| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
14722| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
14723| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
14724| [9717] Apache HTTP Server mod_cookies Cookie Overflow
14725| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
14726| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
14727| [9714] Apache Authentication Module Threaded MPM DoS
14728| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
14729| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
14730| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
14731| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
14732| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
14733| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
14734| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
14735| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
14736| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
14737| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
14738| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
14739| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
14740| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
14741| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
14742| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
14743| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
14744| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
14745| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
14746| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
14747| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
14748| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
14749| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
14750| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
14751| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
14752| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
14753| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
14754| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
14755| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
14756| [9208] Apache Tomcat .jsp Encoded Newline XSS
14757| [9204] Apache Tomcat ROOT Application XSS
14758| [9203] Apache Tomcat examples Application XSS
14759| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
14760| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
14761| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
14762| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
14763| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
14764| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
14765| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
14766| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
14767| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
14768| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
14769| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
14770| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
14771| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
14772| [7611] Apache HTTP Server mod_alias Local Overflow
14773| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
14774| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
14775| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
14776| [6882] Apache mod_python Malformed Query String Variant DoS
14777| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
14778| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
14779| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
14780| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
14781| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
14782| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
14783| [5526] Apache Tomcat Long .JSP URI Path Disclosure
14784| [5278] Apache Tomcat web.xml Restriction Bypass
14785| [5051] Apache Tomcat Null Character DoS
14786| [4973] Apache Tomcat servlet Mapping XSS
14787| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
14788| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
14789| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
14790| [4568] mod_survey For Apache ENV Tags SQL Injection
14791| [4553] Apache HTTP Server ApacheBench Overflow DoS
14792| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
14793| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
14794| [4383] Apache HTTP Server Socket Race Condition DoS
14795| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
14796| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
14797| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
14798| [4231] Apache Cocoon Error Page Server Path Disclosure
14799| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
14800| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
14801| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
14802| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
14803| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
14804| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
14805| [3322] mod_php for Apache HTTP Server Process Hijack
14806| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
14807| [2885] Apache mod_python Malformed Query String DoS
14808| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
14809| [2733] Apache HTTP Server mod_rewrite Local Overflow
14810| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
14811| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
14812| [2149] Apache::Gallery Privilege Escalation
14813| [2107] Apache HTTP Server mod_ssl Host: Header XSS
14814| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
14815| [1833] Apache HTTP Server Multiple Slash GET Request DoS
14816| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
14817| [872] Apache Tomcat Multiple Default Accounts
14818| [862] Apache HTTP Server SSI Error Page XSS
14819| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
14820| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
14821| [845] Apache Tomcat MSDOS Device XSS
14822| [844] Apache Tomcat Java Servlet Error Page XSS
14823| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
14824| [838] Apache HTTP Server Chunked Encoding Remote Overflow
14825| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
14826| [775] Apache mod_python Module Importing Privilege Function Execution
14827| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
14828| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
14829| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
14830| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
14831| [637] Apache HTTP Server UserDir Directive Username Enumeration
14832| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
14833| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
14834| [562] Apache HTTP Server mod_info /server-info Information Disclosure
14835| [561] Apache Web Servers mod_status /server-status Information Disclosure
14836| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
14837| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
14838| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
14839| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
14840| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
14841| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
14842| [376] Apache Tomcat contextAdmin Arbitrary File Access
14843| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
14844| [222] Apache HTTP Server test-cgi Arbitrary File Access
14845| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
14846| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
14847|_
14848 587/tcp open smtp Postfix smtpd
14849| vulscan: VulDB - https://vuldb.com:
14850| [108975] Apple macOS up to 10.13.1 Postfix unknown vulnerability
14851| [98314] PostfixAdmin up to 3.0.1 AliasHandler delete.php gen_show_status denial of service
14852| [71720] Postfix up to 2.3.0 backup.php pacrypt sql injection
14853| [12746] Postfix Admin 2.3.6 functions.inc.php sql injection
14854| [57422] Postfix memory corruption
14855| [56843] Postfix up to 2.7.2 Cleartext weak encryption
14856|
14857| MITRE CVE - https://cve.mitre.org:
14858| [CVE-2013-2852] Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
14859| [CVE-2011-1720] The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
14860| [CVE-2011-0411] The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
14861| [CVE-2010-0230] SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
14862| [CVE-2009-2939] The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
14863| [CVE-2008-4977] ** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
14864| [CVE-2008-3889] Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
14865| [CVE-2008-3646] The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
14866| [CVE-2008-2937] Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
14867| [CVE-2008-2936] Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
14868| [CVE-2007-3791] Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
14869| [CVE-2006-0213] Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
14870| [CVE-2005-1127] Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
14871| [CVE-2005-0337] Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
14872| [CVE-2004-1113] SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.
14873| [CVE-2004-1088] Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
14874| [CVE-2004-0925] Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
14875| [CVE-2003-0540] The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
14876| [CVE-2003-0468] Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
14877| [CVE-2001-0894] Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
14878|
14879| SecurityFocus - https://www.securityfocus.com/bid/:
14880| [96142] PostfixAdmin CVE-2017-5930 Session Management Security Bypass Vulnerability
14881| [90814] Postfix Admin Multiple Cross Site Request Forgery Vulnerabilities
14882| [67250] Postfix Arbitrary Content Security Bypass Vulnerability
14883| [66455] Postfix Admin 'functions.inc.php' SQL Injection Vulnerability
14884| [65184] Fail2ban Postfix Filter Remote Denial of Service Vulnerability
14885| [51680] Postfix Admin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
14886| [47778] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
14887| [36469] Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
14888| [31721] Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
14889| [30977] Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
14890| [30691] Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
14891| [13133] Salim Gasmi GLD Postfix Greylisting Daemon Format String Vulnerability
14892| [13129] Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow Vulnerability
14893| [12445] Postfix IPv6 Unauthorized Mail Relay Vulnerability
14894| [11898] SQLgrey Postfix Greylisting Service Unspecified SQL Injection Vulnerability
14895| [11633] SQLgrey Postfix Greylisting Service SQL Injection Vulnerability
14896| [11323] Apple Mac OS X Postfix Release SMTPD AUTH Username Denial Of Service Vulnerability
14897| [8362] Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability
14898| [8361] Postfix Connection Proxying Vulnerability
14899| [8333] Multiple Postfix Denial of Service Vulnerabilities
14900| [3638] SuSEConfig.postfix chroot Local DoS Attack Vulnerability
14901| [3637] SuSEConfig.postfix chroot File Ownership Vulnerability
14902| [3544] Postfix SMTP Log Denial Of Service Vulnerability
14903| [1428] cyrus With postfix and Procmail Remote Shell Expansion Vulnerabilities
14904|
14905| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14906| [72752] Postfix Admin multiple parameters SQL injection
14907| [72751] PostfixAdmin multiple parameters cross-site scripting
14908| [67359] Postfix Cyrus SASL library in the SMTP server code execution
14909| [55970] SUSE Linux Enterprise postfix security bypass
14910| [53425] Postfix in Debian and Ubuntu pid symlink
14911| [45876] Apple Mac OS X Postfix configuration file weak security
14912| [44865] Postfix file descriptor denial of service
14913| [44461] Postfix email information disclosure
14914| [44460] Postfix symlink code execution
14915| [22655] RHSA-2005:152 updates for postfix not installed
14916| [19218] Postfix IPv6 mail relay
14917| [18435] SQLgrey Postfix greylisting service SQL injection
14918| [18353] Postfix CRAM-MD5 authentication replay attack
14919| [17998] SQLgrey Postfix greylisting service SQL injection
14920| [17595] Apple Mac OS postfix SMTPD AUTH denial of service
14921| [12816] Postfix MAIL FROM or RCPT TO denial of service
14922| [12815] Postfix could be used as a distributed denial of service tool
14923| [7568] Postfix SMTP log denial of service
14924| [4905] Cyrus with postfix and procmail integration could allow remote command execution
14925|
14926| Exploit-DB - https://www.exploit-db.com:
14927| [25392] Salim Gasmi GLD 1.x Postfix Greylisting Daemon Buffer Overflow Vulnerability
14928| [22982] Postfix 1.1.x Denial of Service Vulnerabilities (2)
14929| [22981] Postfix 1.1.x Denial of Service Vulnerabilities (1)
14930| [16841] GLD (Greylisting Daemon) Postfix Buffer Overflow
14931| [10023] Salim Gasmi GLD 1.0 - 1.4 Postfix Greylisting Buffer Overflow
14932| [6472] Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
14933| [6337] Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
14934| [934] gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit
14935|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902517] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
| [881389] CentOS Update for postfix CESA-2011:0422 centos5 x86_64
| [881293] CentOS Update for postfix CESA-2011:0843 centos4 x86_64
| [881278] CentOS Update for postfix CESA-2011:0422 centos4 x86_64
| [881267] CentOS Update for postfix CESA-2011:0843 centos5 x86_64
| [880520] CentOS Update for postfix CESA-2011:0422 centos5 i386
| [880509] CentOS Update for postfix CESA-2011:0843 centos5 i386
| [880488] CentOS Update for postfix CESA-2011:0843 centos4 i386
| [880485] CentOS Update for postfix CESA-2011:0422 centos4 i386
| [880268] CentOS Update for postfix CESA-2008:0839 centos3 i386
| [880023] CentOS Update for postfix CESA-2008:0839 centos3 x86_64
| [870658] RedHat Update for postfix RHSA-2011:0423-01
| [870440] RedHat Update for postfix RHSA-2011:0843-01
| [870418] RedHat Update for postfix RHSA-2011:0422-01
| [870021] RedHat Update for postfix RHSA-2008:0839-01
| [863100] Fedora Update for postfix FEDORA-2011-6777
| [863097] Fedora Update for postfix FEDORA-2011-6771
| [862950] Fedora Update for postfix FEDORA-2011-3394
| [862938] Fedora Update for postfix FEDORA-2011-3355
| [860510] Fedora Update for postfix FEDORA-2008-8593
| [860419] Fedora Update for postfix FEDORA-2008-8595
| [850126] SuSE Update for postfix SUSE-SA:2010:011
| [850031] SuSE Update for postfix SUSE-SA:2008:040
| [840658] Ubuntu Update for postfix USN-1131-1
| [840648] Ubuntu Update for postfix USN-1113-1
| [840227] Ubuntu Update for postfix vulnerabilities USN-642-1
| [840190] Ubuntu Update for postfix vulnerability USN-636-1
| [831400] Mandriva Update for postfix MDVSA-2011:090 (postfix)
| [830713] Mandriva Update for postfix MDVSA-2008:171 (postfix)
| [830635] Mandriva Update for postfix MDVSA-2008:190 (postfix)
| [830075] Mandriva Update for postfix MDKA-2007:079 (postfix)
| [72452] Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
| [71559] Gentoo Security Advisory GLSA 201206-33 (Postfix)
| [70744] FreeBSD Ports: postfixadmin
| [69770] FreeBSD Ports: postfix, postfix-base
| [69733] Debian Security Advisory DSA 2233-1 (postfix)
| [69363] FreeBSD Ports: postfix, postfix-base
| [66394] Mandriva Security Advisory MDVSA-2009:224-1 (postfix)
| [65957] SLES10: Security update for Postfix
| [65911] SLES10: Security update for Postfix
| [65353] SLES9: Security update for Postfix
| [65350] SLES9: Security update for postfix
| [64696] Mandrake Security Advisory MDVSA-2009:224 (postfix)
| [61646] Gentoo Security Advisory GLSA 200809-09 (postfix)
| [61445] Gentoo Security Advisory GLSA 200808-12 (postfix)
| [61435] Debian Security Advisory DSA 1629-2 (postfix)
| [61434] Debian Security Advisory DSA 1629-1 (postfix)
| [60836] FreeBSD Ports: postfix-policyd-weight
| [58580] Debian Security Advisory DSA 1361-1 (postfix-policyd)
| [53833] Debian Security Advisory DSA 093-1 (postfix)
| [53652] Debian Security Advisory DSA 363-1 (postfix)
|
| SecurityTracker - https://www.securitytracker.com:
| [1025521] Postfix SASL Authentication Heap Overflow Lets Remote Users Deny Service
| [1025179] Postfix Plaintext to TLS Switching Error Lets Remote Users Inject Plaintext Commands
| [1020800] Postfix Linux epoll File Descriptor Leak Lets Local Users Deny Service
| [1020700] Postfix Symlink Dereference Bug Lets Local Users Gain Elevated Privileges
| [1012395] Postfix CRAM-MD5 Replay Attack May Let Remote Users Send Mail
| [1011532] Postfix Buffer Error May Prevent Remote Users from Being Able to Authenticate Using SMTPD AUTH
| [1007382] Postfix Bounce Messages Let Remote Users Scan for Open Ports on Other Hosts
| [1007381] Postfix Address Resolver Parsing Bug Lets Remote Users Hang the System
| [1002756] Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
|
| OSVDB - http://www.osvdb.org:
| [94034] Linux Kernel Broadcom B43 Wireless Driver b43_request_firmware Function fwpostfix modprobe Parameter Format String Local Privilege Escalation
| [78567] Postfix Admin backup.php Unspecified SQL Injection
| [78566] Postfix Admin functions.inc.php pacrypt() Function Unspecified SQL Injection
| [78565] Postfix Admin create-domain.php Unspecified SQL Injection
| [78564] Postfix Admin Unspecified XSS
| [78563] Postfix Admin edit-alias.php Unspecified XSS
| [78562] Postfix Admin create-alias.php Unspecified XSS
| [78561] Postfix Admin create-domain.php Unspecified XSS
| [78560] Postfix Admin templates/edit-vacation.php domain Parameter XSS
| [78559] Postfix Admin templates/menu.php domain Parameter XSS
| [72259] Postfix SMTP Cyrus SASL Authentication Context Data Reuse Memory Corruption
| [71021] Postfix STARTTLS Arbitrary Plaintext Command Injection
| [68340] Artica postfix.events.php Unrestricted Access Information Disclosure
| [61983] SUSE Linux postfix Network Interface Remote Access Restriction Bypass
| [58325] Debian GNU/Linux postfix postfix.postinst Symlink Arbitrary File Overwrite
| [49634] Postfix postfix_groups.pl Multiple Temporary File Symlink Arbitrary File Overwrite
| [48973] Apple Mac OS X Postfix Network Access Configuration Weakness
| [48108] Postfix epoll File Descriptor Leak Local DoS
| [47659] Postfix Cross-user Filename Local Mail Interception
| [47658] Postfix Hardlink to Symlink Mailspool Arbitrary Content Append
| [43888] policyd-weight for Postfix Socket Handling Unspecified Arbitrary File Manipulation
| [38091] policyd for Postfix sockets.c read_w() Function SMTP Command Remote Overflow
| [22381] Kolab Server Secure SMTP postfix.log Authentication Credential Disclosure
| [13470] Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay
| [12339] SQLgrey Postfix greylisting service Unspecified SQL Injection
| [12200] Apple Mac OS X Postfix CRAM-MD5 Replay Credentials
| [11571] SQLgrey Postfix greylisting Email Address SQL Injection
| [10545] Postfix Multiple Mail Header SMTP listener DoS
| [10544] Postfix Malformed Envelope Address nqmgr DoS
| [10500] Apple Mac OS X Postfix SMTPD AUTH Username Overflow DoS
| [6551] Postfix Bounce Scan / Packet Amplification DDoS
| [1991] Postfix SMTP Log DoS
|_
1030/tcp filtered iad1
5666/tcp filtered nrpe
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
#####################################################################################################################################
Anonymous JTSEC #OpDomesticTerrorism Full Recon #5