Aug 02, 2019, 12:32 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.logitem.co.jp ISP IDC Frontier Inc.
4Continent Asia Flag
5JP
6Country Japan Country Code JP
7Region Unknown Local time 02 Aug 2019 08:34 JST
8City Unknown Postal Code Unknown
9IP Address 210.168.52.41 Latitude 35.69
10 Longitude 139.69
11=====================================================================================================================================
12#######################################################################################################################################
13> www.logitem.co.jp
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: www.logitem.co.jp
19Address: 210.168.52.41
20>
21#######################################################################################################################################
22[ JPRS database provides information on network administration. Its use is ]
23[ restricted to network administration purposes. For further information, ]
24[ use 'whois -h whois.jprs.jp help'. To suppress Japanese output, add'/e' ]
25[ at the end of command, e.g. 'whois -h whois.jprs.jp xxx/e'. ]
26
27Domain Information:
28a. [Domain Name] LOGITEM.CO.JP
29g. [Organization] Japan Logistic Systems Corp.
30l. [Organization Type] Corporation
31m. [Administrative Contact] HH5638JP
32n. [Technical Contact] HH5638JP
33p. [Name Server] ns01.logitem.co.jp
34p. [Name Server] ns03.logitem.co.jp
35s. [Signing Key]
36[State] Connected (2020/02/29)
37[Registered Date] 1997/02/10
38[Connected Date] 1997/03/21
39[Last Update] 2019/03/01 01:07:02 (JST)
40###############################################################################################################################
41[+] Target : www.logitem.co.jp
42
43[+] IP Address : 210.168.52.41
44
45[+] Headers :
46
47[+] Date : Thu, 01 Aug 2019 23:37:45 GMT
48[+] Server : Apache
49[+] Last-Modified : Thu, 27 Jun 2019 07:43:03 GMT
50[+] ETag : "80003-9bd6-58c494fd32938"
51[+] Accept-Ranges : bytes
52[+] Content-Length : 39894
53[+] Keep-Alive : timeout=15, max=100
54[+] Connection : Keep-Alive
55[+] Content-Type : text/html
56
57[+] SSL Certificate Information :
58
59[-] SSL is not Present on Target URL...Skipping...
60
61[+] Whois Lookup :
62
63[+] NIR : {'query': '210.168.52.41', 'raw': None, 'nets': [{'cidr': '210.168.52.0/24', 'name': 'Yahoo Japan Corporation', 'handle': 'SUBA-032-052', 'range': '210.168.52.1 - 210.168.52.255', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': ['ns01.idc.jp', 'ns02.idc.jp', 'ns03.idc.jp'], 'created': None, 'updated': '2012-12-04T23:43:17', 'contacts': {'admin': {'email': 'togo-op_all@idcf.jp', 'organization': 'Yahoo Japan Corporation', 'division': '', 'phone': '03-5312-7030', 'fax': '', 'updated': '2011-12-07T05:53:03'}, 'tech': {'name': 'Sato, Yoshikazu', 'email': 'y-sato@idcf.jp', 'reply_email': '', 'organization': 'Yahoo Japan Corporation', 'division': '', 'title': '', 'phone': '03-4354-0230', 'fax': '', 'updated': '2009-09-25T00:44:24'}}}]}
64[+] ASN Registry : apnic
65[+] ASN : 4694
66[+] ASN CIDR : 210.168.0.0/17
67[+] ASN Country Code : JP
68[+] ASN Date : 1997-08-04
69[+] ASN Description : IDCF IDC Frontier Inc., JP
70[+] cidr : 210.160.0.0/12
71[+] name : JPNIC-NET-JP
72[+] handle : JNIC1-AP
73[+] range : 210.160.0.0 - 210.175.255.255
74[+] description : Japan Network Information Center
75[+] country : JP
76[+] state : None
77[+] city : None
78[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
79Chiyoda-ku, Tokyo 101-0047, Japan
80[+] postal_code : None
81[+] emails : ['hostmaster@nic.ad.jp']
82[+] created : None
83[+] updated : None
84
85[+] Crawling Target...
86
87[+] Looking for robots.txt........[ Not Found ]
88[+] Looking for sitemap.xml.......[ Not Found ]
89[+] Extracting CSS Links..........[ 5 ]
90[+] Extracting Javascript Links...[ 5 ]
91[+] Extracting Internal Links.....[ 0 ]
92[+] Extracting External Links.....[ 5 ]
93[+] Extracting Images.............[ 26 ]
94
95[+] Total Links Extracted : 41
96
97[+] Dumping Links in /opt/FinalRecon/dumps/www.logitem.co.jp.dump
98[+] Completed!
99##################################################################################################################################
100[+] Starting At 2019-08-01 19:37:46.376945
101[+] Collecting Information On: http://www.logitem.co.jp/
102[#] Status: 200
103--------------------------------------------------
104[#] Web Server Detected: Apache
105[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
106- Date: Thu, 01 Aug 2019 23:37:48 GMT
107- Server: Apache
108- Last-Modified: Thu, 27 Jun 2019 07:43:03 GMT
109- ETag: "80003-9bd6-58c494fd32938"
110- Accept-Ranges: bytes
111- Content-Length: 39894
112- Keep-Alive: timeout=15, max=100
113- Connection: Keep-Alive
114- Content-Type: text/html
115--------------------------------------------------
116[#] Finding Location..!
117[#] message: invalid query
118[#] query: logitem.co.jp
119[#] status: fail
120--------------------------------------------------
121[x] Didn't Detect WAF Presence on: http://www.logitem.co.jp/
122--------------------------------------------------
123[#] Starting Reverse DNS
124[-] Failed ! Fail
125--------------------------------------------------
126[!] Scanning Open Port
127--------------------------------------------------
128[+] Collecting Information Disclosure!
129[#] Detecting sitemap.xml file
130[-] sitemap.xml file not Found!?
131[#] Detecting robots.txt file
132[-] robots.txt file not Found!?
133[#] Detecting GNU Mailman
134[-] GNU Mailman App Not Detected!?
135--------------------------------------------------
136[+] Crawling Url Parameter On: http://www.logitem.co.jp/
137--------------------------------------------------
138[#] Searching Html Form !
139[-] No Html Form Found!?
140--------------------------------------------------
141[!] Found 4 dom parameter
142[#] http://www.logitem.co.jp//service/center_re.html#h502
143[#] http://www.logitem.co.jp//service/center_re.html#h502
144[#] http://www.logitem.co.jp//service/center_re.html#h502
145[#] http://www.logitem.co.jp//#head
146--------------------------------------------------
147[!] 3 Internal Dynamic Parameter Discovered
148[+] http://www.logitem.co.jp//movie01.html?keepThis=true&TB_iframe=true&height=500&width=710
149[+] http://www.logitem.co.jp//movie02.html?keepThis=true&TB_iframe=true&height=500&width=710
150[+] http://www.logitem.co.jp//movie03.html?keepThis=true&TB_iframe=true&height=500&width=710
151--------------------------------------------------
152[!] 11 External Dynamic Parameter Discovered
153[#] http://www.irmovie.jp/nir2/?conts=logitem_201905_eCwh
154[#] http://www.irmovie.jp/nir/?conts=logitem_201805_My8n
155[#] http://www.irmovie.jp/nir/?conts=logitem_201711_s8f9
156[#] http://www.irmovie.jp/ir/?logitem201705
157[#] http://www.irmovie.jp/ir/?logitem201611
158[#] http://www.irmovie.jp/ir/?logitem201511
159[#] http://www.irmovie.jp/ir/?logitem201505
160[#] http://www.irmovie.jp/ir/?logitem201411
161[#] http://www.irmovie.jp/ir/?logitem201405
162[#] http://www.irmovie.jp/ir/?logitem201311
163[#] http://stocks.finance.yahoo.co.jp/stocks/detail/?code=9060
164--------------------------------------------------
165[!] 227 Internal links Discovered
393--------------------------------------------------
394[!] 6 External links Discovered
395[#] http://www.logitemvietnam.com/
396[#] http://www.smbcnikko.co.jp/seminar/nikko_online/IR/movie/9060_140824.html
397[#] http://www.nikkoir.co.jp/seminar/mirai
398[#] http://www.b-soudan.com/
399[#] http://www.logitemvietnam.com/
400[#] https://job.rikunabi.com/2020/company/r159200058/
401--------------------------------------------------
402[#] Mapping Subdomain..
403[-] No Any Subdomain Found
404[!] Found 0 Subdomain
405--------------------------------------------------
406[!] Done At 2019-08-01 19:38:02.330879
407############################################################################################################################
408[INFO] ------TARGET info------
409[*] TARGET: http://www.logitem.co.jp/
410[*] TARGET IP: 210.168.52.41
411[INFO] NO load balancer detected for www.logitem.co.jp...
412[*] DNS servers: ns.web.ad.jp.
413[*] TARGET server: Apache
414[*] CC: JP
415[*] Country: Japan
416[*] RegionCode: 40
417[*] RegionName: Fukuoka
418[*] City: Chuo Ward
419[*] ASN: AS9044
420[*] BGP_PREFIX: 192.0.0.0/3
421[*] ISP: SOLNET BSE Software GmbH, CH
422[INFO] DNS enumeration:
423[INFO] Possible abuse mails are:
424[*] abuse@logitem.co.jp
425[*] abuse@www.logitem.co.jp
426[*] y-sato@idcf.jp
427[INFO] NO PAC (Proxy Auto Configuration) file FOUND
428[INFO] Starting FUZZing in http://www.logitem.co.jp/FUzZzZzZzZz...
429[INFO] Status code Folders
430[ALERT] Look in the source code. It may contain passwords
431[INFO] SAME content in http://www.logitem.co.jp/ AND http://210.168.52.41/
432[INFO] Links found from http://www.logitem.co.jp/:
495[INFO] GOOGLE has 273,000 results (0.26 seconds) about http://www.logitem.co.jp/
496[INFO] Shodan detected the following opened ports on 210.168.52.41:
497[*] 443
498[*] 80
499[INFO] ------VirusTotal SECTION------
500[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
501[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
502[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
503[INFO] ------Alexa Rank SECTION------
504[INFO] Percent of Visitors Rank in Country:
505[INFO] Percent of Search Traffic:
506[INFO] Percent of Unique Visits:
507[INFO] Total Sites Linking In:
508[*] Total Sites
509[INFO] Useful links related to www.logitem.co.jp - 210.168.52.41:
510[*] https://www.virustotal.com/pt/ip-address/210.168.52.41/information/
511[*] https://www.hybrid-analysis.com/search?host=210.168.52.41
512[*] https://www.shodan.io/host/210.168.52.41
513[*] https://www.senderbase.org/lookup/?search_string=210.168.52.41
514[*] https://www.alienvault.com/open-threat-exchange/ip/210.168.52.41
515[*] http://pastebin.com/search?q=210.168.52.41
516[*] http://urlquery.net/search.php?q=210.168.52.41
517[*] http://www.alexa.com/siteinfo/www.logitem.co.jp
518[*] http://www.google.com/safebrowsing/diagnostic?site=www.logitem.co.jp
519[*] https://censys.io/ipv4/210.168.52.41
520[*] https://www.abuseipdb.com/check/210.168.52.41
521[*] https://urlscan.io/search/#210.168.52.41
522[*] https://github.com/search?q=210.168.52.41&type=Code
523[INFO] Useful links related to AS9044 - 192.0.0.0/3:
524[*] http://www.google.com/safebrowsing/diagnostic?site=AS:9044
525[*] https://www.senderbase.org/lookup/?search_string=192.0.0.0/3
526[*] http://bgp.he.net/AS9044
527[*] https://stat.ripe.net/AS9044
528[INFO] Date: 01/08/19 | Time: 19:39:41
529[INFO] Total time: 1 minute(s) and 50 second(s)
530###################################################################################################
531Trying "logitem.co.jp"
532;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41989
533;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2
534
535;; QUESTION SECTION:
536;logitem.co.jp. IN ANY
537
538;; ANSWER SECTION:
539logitem.co.jp. 43200 IN SOA ns.web.ad.jp. ns-admin.web.ad.jp. 2019041801 10800 1800 3600000 86400
540logitem.co.jp. 43200 IN TXT "v=spf1 include:_spf001.syncdot.com include:spf1.mailgateway.nifcloud.com ~all"
541logitem.co.jp. 43200 IN MX 5 mx.mailgateway.nifcloud.com.
542logitem.co.jp. 43200 IN NS ns01.logitem.co.jp.
543logitem.co.jp. 43200 IN NS ns03.logitem.co.jp.
544
545;; AUTHORITY SECTION:
546logitem.co.jp. 43200 IN NS ns03.logitem.co.jp.
547logitem.co.jp. 43200 IN NS ns01.logitem.co.jp.
548
549;; ADDITIONAL SECTION:
550ns01.logitem.co.jp. 43200 IN A 202.248.5.37
551ns03.logitem.co.jp. 43200 IN A 202.248.5.5
552
553Received 317 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 262 ms
554########################################################################################################################################
555; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace logitem.co.jp any
556;; global options: +cmd
557. 80177 IN NS h.root-servers.net.
558. 80177 IN NS b.root-servers.net.
559. 80177 IN NS e.root-servers.net.
560. 80177 IN NS m.root-servers.net.
561. 80177 IN NS f.root-servers.net.
562. 80177 IN NS k.root-servers.net.
563. 80177 IN NS g.root-servers.net.
564. 80177 IN NS l.root-servers.net.
565. 80177 IN NS j.root-servers.net.
566. 80177 IN NS d.root-servers.net.
567. 80177 IN NS c.root-servers.net.
568. 80177 IN NS a.root-servers.net.
569. 80177 IN NS i.root-servers.net.
570. 80177 IN RRSIG NS 8 0 518400 20190814170000 20190801160000 59944 . I65GSnEJNoMJzQTWN0Mppa5O1pbHgQ1xHQIIoF3w1Hk1B6U2iu7PmY/5 w6fllZOUa+1uRntC6Pw6tVzCCPV4NX70SNpBGaqSrRQ31p5ues51onMn QeuV6iBa0XTRYPIwJ0qEdgCK7PBUNe10ZMRNSxcv4wpk9/AkXXgfTNi/ u1sGUULYTbO/zAgxGg/nYjtCAqjuyXzQxniDJtEC9HoPDUnDaaOBL1at BSMX0SLXmzovBfkDEdin/Pwl+tIzYbJFOKKUief2YeBwacF1CyAWt1mU PQAj2jcqopY4XMTPyk9FS8QWqJ0TzP/eGL57OitQzi9N4li7EOXVPUxY AW/m2g==
571;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 224 ms
572
573jp. 172800 IN NS a.dns.jp.
574jp. 172800 IN NS b.dns.jp.
575jp. 172800 IN NS c.dns.jp.
576jp. 172800 IN NS d.dns.jp.
577jp. 172800 IN NS e.dns.jp.
578jp. 172800 IN NS f.dns.jp.
579jp. 172800 IN NS g.dns.jp.
580jp. 172800 IN NS h.dns.jp.
581jp. 86400 IN DS 54004 8 1 0EC348CC7E6D3213CC89E5867088043FC7D5C111
582jp. 86400 IN DS 54004 8 2 5F4B24F667BC70880720D10DF317DC8FF80C63E586D504E6BBFE53F0 B9ECC040
583jp. 86400 IN RRSIG DS 8 1 86400 20190814170000 20190801160000 59944 . d21T1ngcgAYWFfWRbCWVz1y6qkfj3kd6WQ3dTxy6hoQyJooVXCbf6T70 SS8fWf9DkJ5aR0gXrJJHmhNPxmHJvg18u8fN0+wvkA/RiiUDNjSBuH3r 7EjENEsRczntU5pPzXt1PRE6eRYLM6V9TQ2jDza8EL7e24kLB8LThhDC 8YKXJxOkOGn3ic4b8OBQotaGwQk3TuvCcjB8r7dpLlnTZpF1Sgd2Rr3Z UOtQ8wDJMpOQiY62noy1hCuqanY7+AsJcPG9Q6nq48P8Y7M8+WxpTtbg H0lKBVlUy08d252nVeY6RC+Z4fuI6xM0zGp4M89fvm+diZu97w8Skovb am31sw==
584;; Received 869 bytes from 2001:503:c27::2:30#53(j.root-servers.net) in 156 ms
585
586logitem.co.jp. 86400 IN NS ns01.logitem.co.jp.
587logitem.co.jp. 86400 IN NS ns03.logitem.co.jp.
5880PSDMSCJA8KIOGTU909I5GRFKRS7C22T.jp. 900 IN NSEC3 1 1 8 FE147A6D36 0PUVUJ79ISO0FKAF1V1ANMQJ4P3OASUM TXT RRSIG
5890PSDMSCJA8KIOGTU909I5GRFKRS7C22T.jp. 900 IN RRSIG NSEC3 8 2 900 20190826174507 20190727174507 378 jp. gs8Dr5VzGfdveceMEJFeCkRgyKcb5TE9Yp8dFmFs6rI0MQWOufs02nMz c9UbSM0Cxv8nCsDl/1cVNDSjKKdMlZ9sAhgQUsgOIchREsOHFA0Eqozp h43+GDKXC+s5EwFLu4MNAQh/VvCuD52H+YzQyDYfTkvQBk6op86OSBEp 0EY=
590TNUBG8U7EVB6F7A4J55CV76JAMH9LV6C.jp. 900 IN NSEC3 1 1 8 FE147A6D36 TO5BK65F3O7B5RG3HJPP31GAE529BU18 TXT RRSIG
591TNUBG8U7EVB6F7A4J55CV76JAMH9LV6C.jp. 900 IN RRSIG NSEC3 8 2 900 20190826174507 20190727174507 378 jp. TV4sGH2X0Qef7n5JyenzIcNjctcI61gb3M8fb9TjUgVrm6sy/nF2/RqG MPyPYNvLVkDdpgKxzZO456O02TxqGJy/anZDamAPGdZI4aWzk35aDhy2 ZNH9gyGLb/WF4bhj+Lm1BCp0BiN8KutVVOiSSl3mEQkGYQH3nwMy/zjH tFA=
592;; Received 632 bytes from 156.154.100.5#53(c.dns.jp) in 220 ms
593
594logitem.co.jp. 86400 IN MX 5 mx.mailgateway.nifcloud.com.
595logitem.co.jp. 86400 IN TXT "v=spf1 include:_spf001.syncdot.com include:spf1.mailgateway.nifcloud.com ~all"
596logitem.co.jp. 86400 IN NS ns01.logitem.co.jp.
597logitem.co.jp. 86400 IN NS ns03.logitem.co.jp.
598logitem.co.jp. 86400 IN SOA ns.web.ad.jp. ns-admin.web.ad.jp. 2019041801 10800 1800 3600000 86400
599;; Received 300 bytes from 202.248.5.5#53(ns03.logitem.co.jp) in 468 ms
600##################################################################################################################################
601[*] Performing General Enumeration of Domain: logitem.co.jp
602[-] DNSSEC is not configured for logitem.co.jp
603[*] SOA ns.web.ad.jp 202.248.2.201
604[*] NS ns01.logitem.co.jp 202.248.5.37
605[*] NS ns03.logitem.co.jp 202.248.5.5
606[*] MX mx.mailgateway.nifcloud.com 202.248.236.202
607[*] TXT logitem.co.jp v=spf1 include:_spf001.syncdot.com include:spf1.mailgateway.nifcloud.com ~all
608[*] Enumerating SRV Records
609[-] No SRV Records Found for logitem.co.jp
610[+] 0 Records Found
611#####################################################################################################################################
612[*] Processing domain logitem.co.jp
613[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
614[+] Getting nameservers
615202.248.5.37 - ns01.logitem.co.jp
616202.248.5.5 - ns03.logitem.co.jp
617[-] Zone transfer failed
618
619[+] TXT records found
620"v=spf1 include:_spf001.syncdot.com include:spf1.mailgateway.nifcloud.com ~all"
621
622[+] MX records found, added to target list
6235 mx.mailgateway.nifcloud.com.
624
625[*] Scanning logitem.co.jp for A records
626202.248.170.126 - firewall.logitem.co.jp
627210.168.52.41 - intra.logitem.co.jp
628210.168.52.41 - ms.logitem.co.jp
629210.168.52.41 - ns.logitem.co.jp
630202.248.5.37 - ns01.logitem.co.jp
631202.248.5.5 - ns03.logitem.co.jp
632210.168.52.41 - www.logitem.co.jp
633#######################################################################################################################################
634
635
636
637 AVAILABLE PLUGINS
638 -----------------
639
640 EarlyDataPlugin
641 OpenSslCipherSuitesPlugin
642 CertificateInfoPlugin
643 HeartbleedPlugin
644 SessionRenegotiationPlugin
645 CompressionPlugin
646 HttpHeadersPlugin
647 SessionResumptionPlugin
648 OpenSslCcsInjectionPlugin
649 FallbackScsvPlugin
650 RobotPlugin
651
652
653
654 CHECKING HOST(S) AVAILABILITY
655 -----------------------------
656
657 210.168.52.41:443 => 210.168.52.41
658
659
660
661
662 SCAN RESULTS FOR 210.168.52.41:443 - 210.168.52.41
663 --------------------------------------------------
664
665 * OpenSSL Heartbleed:
666 OK - Not vulnerable to Heartbleed
667
668 * Certificate Information:
669 Content
670 SHA1 Fingerprint: a8f9050349f6ea0dbe7c924e41d2ab3918d3a86e
671 Common Name: www.logitem.co.jp
672 Issuer: AlphaSSL CA - SHA256 - G2
673 Serial Number: 12389892699186294030638487892
674 Not Before: 2019-02-14 05:22:50
675 Not After: 2020-04-05 01:47:59
676 Signature Algorithm: sha256
677 Public Key Algorithm: RSA
678 Key Size: 2048
679 Exponent: 65537 (0x10001)
680 DNS Subject Alternative Names: ['www.logitem.co.jp', 'logitem.co.jp']
681
682 Trust
683 Hostname Validation: FAILED - Certificate does NOT match 210.168.52.41
684 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
685 iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
686 Java CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
687 macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
688 Mozilla CA Store (2018-11-22): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
689 OPENJDK CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
690 Windows CA Store (2018-12-08): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
691 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
692 Received Chain: www.logitem.co.jp
693 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
694 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
695 Received Chain Order: OK - Order is valid
696 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
697
698 Extensions
699 OCSP Must-Staple: NOT SUPPORTED - Extension not found
700 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
701
702 OCSP Stapling
703 NOT SUPPORTED - Server did not send back an OCSP response
704
705 * TLSV1_1 Cipher Suites:
706 Server rejected all cipher suites.
707
708 * TLS 1.2 Session Resumption Support:
709 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
710 With TLS Tickets: OK - Supported
711
712 * TLSV1_2 Cipher Suites:
713 Server rejected all cipher suites.
714
715 * TLSV1 Cipher Suites:
716 Forward Secrecy OK - Supported
717 RC4 INSECURE - Supported
718
719 Preferred:
720 None - Server followed client cipher suite preference.
721 Accepted:
722 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 404 Not Found
723 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
724 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
725 TLS_RSA_WITH_DES_CBC_SHA 56 bits HTTP 404 Not Found
726 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 404 Not Found
727 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 404 Not Found
728 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
729 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
730 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
731 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 404 Not Found
732 TLS_DHE_RSA_WITH_DES_CBC_SHA 56 bits HTTP 404 Not Found
733 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 404 Not Found
734 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 404 Not Found
735 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
736 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
737 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
738
739 * Session Renegotiation:
740 Client-initiated Renegotiation: OK - Rejected
741 Secure Renegotiation: OK - Supported
742
743 * Deflate Compression:
744 VULNERABLE - Server supports Deflate compression
745
746 * SSLV2 Cipher Suites:
747 Server rejected all cipher suites.
748
749 * OpenSSL CCS Injection:
750 OK - Not vulnerable to OpenSSL CCS injection
751
752 * Downgrade Attacks:
753 TLS_FALLBACK_SCSV: VULNERABLE - Signaling cipher suite not supported
754
755 * TLSV1_3 Cipher Suites:
756 Server rejected all cipher suites.
757
758 * ROBOT Attack:
759 OK - Not vulnerable
760
761 * SSLV3 Cipher Suites:
762 Forward Secrecy OK - Supported
763 RC4 INSECURE - Supported
764
765 Preferred:
766 None - Server followed client cipher suite preference.
767 Accepted:
768 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 404 Not Found
769 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
770 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
771 TLS_RSA_WITH_DES_CBC_SHA 56 bits HTTP 404 Not Found
772 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 404 Not Found
773 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 404 Not Found
774 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
775 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
776 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
777 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 404 Not Found
778 TLS_DHE_RSA_WITH_DES_CBC_SHA 56 bits HTTP 404 Not Found
779 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 404 Not Found
780 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 404 Not Found
781 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
782 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
783 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
784
785
786 SCAN COMPLETED IN 38.00 S
787 -------------------------
788#####################################################################################################################################
789Domains still to check: 1
790 Checking if the hostname logitem.co.jp. given is in fact a domain...
791
792Analyzing domain: logitem.co.jp.
793 Checking NameServers using system default resolver...
794 IP: 202.248.5.37 (Japan)
795 HostName: ns01.logitem.co.jp Type: NS
796 HostName: ns01.outs.web.ad.jp Type: PTR
797 IP: 202.248.5.5 (Japan)
798 HostName: ns03.logitem.co.jp Type: NS
799 HostName: ns03.outs.web.ad.jp Type: PTR
800
801 Checking MailServers using system default resolver...
802 IP: 202.248.236.202 (Japan)
803 HostName: mx.mailgateway.nifcloud.com Type: MX
804 HostName: mx1.mail-filter.nifty.com Type: PTR
805
806 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
807 No zone transfer found on nameserver 202.248.5.37
808 No zone transfer found on nameserver 202.248.5.5
809
810 Checking SPF record...
811
812 Checking SPF record...
813 New IP found: 54.238.200.209
814 New IP found: 54.238.150.68
815 New IP found: 54.238.207.248
816 New IP found: 54.238.237.220
817
818 Checking SPF record...
819
820 Checking SPF record...
821 New IP found: 210.131.2.67
822 New IP found: 210.131.2.105
823 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 202.248.236.200/29, but only the network IP
824 New IP found: 202.248.236.200
825 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 202.248.236.208/29, but only the network IP
826 New IP found: 202.248.236.208
827 New IP found: 202.248.237.20
828 New IP found: 202.248.238.204
829
830 Checking 192 most common hostnames using system default resolver...
831 IP: 210.168.52.41 (Japan)
832 HostName: www.logitem.co.jp. Type: A
833 IP: 202.248.170.126 (Japan)
834 HostName: firewall.logitem.co.jp. Type: A
835 IP: 210.168.52.41 (Japan)
836 HostName: www.logitem.co.jp. Type: A
837 HostName: ns.logitem.co.jp. Type: A
838
839 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
851
852 Searching for logitem.co.jp. emails in Google
853
854 Checking 15 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
870
871 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
872 Scanning ip 202.248.236.200 ():
873 443/tcp open ssl/http syn-ack ttl 234 Apache httpd
874 | ssl-cert: Subject: commonName=archive.mailgateway.nifcloud.com/organizationName=FUJITSU CLOUD TECHNOLOGIES LIMITED/stateOrProvinceName=Tokyo/countryName=JP
875 | Subject Alternative Name: DNS:archive.mailgateway.nifcloud.com
876 | Issuer: commonName=Cybertrust Japan Public CA G3/organizationName=Cybertrust Japan Co., Ltd./countryName=JP
877 | Public Key type: rsa
878 | Public Key bits: 2048
879 | Signature Algorithm: sha256WithRSAEncryption
880 | Not valid before: 2019-01-28T09:05:52
881 | Not valid after: 2021-01-28T14:59:00
882 | MD5: a97f 61f7 48ad b9bf 4e58 8644 1d22 de5e
883 |_SHA-1: 56fc 2c90 24e6 3c28 9e88 1e9e 2a76 2900 4ef8 428d
884 |_ssl-date: TLS randomness does not represent time
885 Device type: general purpose|broadband router|WAP|printer
886 Scanning ip 202.248.5.37 (ns01.outs.web.ad.jp (PTR)):
887 53/tcp open domain syn-ack ttl 44 (generic dns response: NOTIMP)
888 | fingerprint-strings:
889 | DNSVersionBindReqTCP:
890 | version
891 |_ bind
892 Scanning ip 202.248.236.202 (mx1.mail-filter.nifty.com (PTR)):
893 Scanning ip 210.168.52.41 (ns.logitem.co.jp.):
894 80/tcp open http syn-ack ttl 44 Apache httpd
895 | http-methods:
896 |_ Supported Methods: GET HEAD POST OPTIONS
897 |_http-server-header: Apache
898 |_http-title: \xE6\x97\xA5\xE6\x9C\xAC\xE3\x83\xAD\xE3\x82\xB8\xE3\x83\x86\xE3\x83\xA0\xE6\xA0\xAA\xE5\xBC\x8F\xE4\xBC\x9A\xE7\xA4\xBE
899 443/tcp open ssl/https? syn-ack ttl 40
900 |_ssl-date: 2019-08-01T23:53:05+00:00; +1s from scanner time.
901 Device type: general purpose|firewall|storage-misc|media device|WAP
902 Scanning ip 202.248.170.126 (firewall.logitem.co.jp.):
903 Scanning ip 54.238.150.68 ():
904 110/tcp open pop3 syn-ack ttl 36
905 | fingerprint-strings:
906 | GenericLines, NULL:
907 | +OK webmail001t1c001.syncdot.com ready <4035.1564703692@webmail001t1c001.syncdot.com>
908 | HTTPOptions:
909 | +OK webmail001t1c001.syncdot.com ready <4035.1564703703@webmail001t1c001.syncdot.com>
910 |_ -ERR invalid command
911 443/tcp open ssl/http syn-ack ttl 35 Apache httpd
912 | http-methods:
913 |_ Supported Methods: GET HEAD POST
914 |_http-server-header: Apache
915 |_http-title: 400 Bad Request
916 | ssl-cert: Subject: commonName=*.syncdot.com/organizationName=Fujitsu Systems Applications And Support Limited/stateOrProvinceName=MIYAGI/countryName=JP
917 | Subject Alternative Name: DNS:*.syncdot.com, DNS:syncdot.com
918 | Issuer: commonName=JPRS Organization Validation Authority - G2/organizationName=Japan Registry Services Co., Ltd./countryName=JP
919 | Public Key type: rsa
920 | Public Key bits: 2048
921 | Signature Algorithm: sha256WithRSAEncryption
922 | Not valid before: 2018-08-03T07:02:04
923 | Not valid after: 2019-08-31T14:59:59
924 | MD5: a5b4 1261 99c6 4a91 c128 be9e dd47 f96d
925 |_SHA-1: 71b4 3281 ef63 8bed db0a c474 3b01 78c5 9a31 64f7
926 |_ssl-date: 2019-08-01T23:55:20+00:00; +1s from scanner time.
927 587/tcp open smtp syn-ack ttl 37 Postfix smtpd
928 |_smtp-commands: webmail001t1c001.syncdot.com, PIPELINING, SIZE 30720000, ETRN, AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
929 OS Info: Service Info: Hosts: webmail001t1c001.syncdot.com, webmail001t1c001.syncdot.com
930 Scanning ip 202.248.236.208 ():
931 587/tcp open smtp syn-ack ttl 233 qmail smtpd
932 | smtp-commands: audit1.mail-filter.nifty.com, ENHANCEDSTATUSCODES, PIPELINING, DSN, AUTH=PLAIN LOGIN CRAM-MD5, AUTH PLAIN LOGIN CRAM-MD5, DELIVERBY, HELP,
933 |_ qmail home page: http://pobox.com/~djb/qmail.html
934 Device type: general purpose|broadband router|WAP|printer
935 OS Info: Service Info: OS: Unix
936 Scanning ip 202.248.238.204 ():
937 Scanning ip 202.248.237.20 ():
938 Scanning ip 210.131.2.105 ():
939 Scanning ip 54.238.237.220 ():
940 Scanning ip 202.248.5.5 (ns03.outs.web.ad.jp (PTR)):
941 53/tcp open domain syn-ack ttl 42 (generic dns response: NOTIMP)
942 | fingerprint-strings:
943 | DNSVersionBindReqTCP:
944 | version
945 |_ bind
946 Scanning ip 54.238.200.209 ():
947 110/tcp open pop3 syn-ack ttl 35
948 | fingerprint-strings:
949 | GenericLines, NULL:
950 | +OK webmail001t1a001.syncdot.com ready <21242.1564703884@webmail001t1a001.syncdot.com>
951 | HTTPOptions:
952 | +OK webmail001t1a001.syncdot.com ready <11864.1564703896@webmail001t1a001.syncdot.com>
953 |_ -ERR invalid command
954 443/tcp open ssl/http syn-ack ttl 36 Apache httpd
955 | http-methods:
956 |_ Supported Methods: GET HEAD POST
957 |_http-server-header: Apache
958 |_http-title: 400 Bad Request
959 | ssl-cert: Subject: commonName=*.syncdot.com/organizationName=Fujitsu Systems Applications And Support Limited/stateOrProvinceName=MIYAGI/countryName=JP
960 | Subject Alternative Name: DNS:*.syncdot.com, DNS:syncdot.com
961 | Issuer: commonName=JPRS Organization Validation Authority - G2/organizationName=Japan Registry Services Co., Ltd./countryName=JP
962 | Public Key type: rsa
963 | Public Key bits: 2048
964 | Signature Algorithm: sha256WithRSAEncryption
965 | Not valid before: 2018-08-03T07:02:04
966 | Not valid after: 2019-08-31T14:59:59
967 | MD5: a5b4 1261 99c6 4a91 c128 be9e dd47 f96d
968 |_SHA-1: 71b4 3281 ef63 8bed db0a c474 3b01 78c5 9a31 64f7
969 |_ssl-date: 2019-08-01T23:58:34+00:00; 0s from scanner time.
970 587/tcp open smtp syn-ack ttl 35 Postfix smtpd
971 |_smtp-commands: webmail001t1a001.syncdot.com, PIPELINING, SIZE 30720000, ETRN, AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
972 OS Info: Service Info: Hosts: webmail001t1a001.syncdot.com, webmail001t1a001.syncdot.com
973 Scanning ip 54.238.207.248 ():
974 587/tcp open smtp syn-ack ttl 35 Postfix smtpd
975 |_smtp-commands: archived001t1a001.syncdot.com, PIPELINING, SIZE 32000000, VRFY, ETRN, AUTH GS2-IAKERB GS2-KRB5 SCRAM-SHA-1 GSSAPI GSS-SPNEGO DIGEST-MD5 CRAM-MD5 PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
976 OS Info: Service Info: Host: archived001t1a001.syncdot.com
977 Scanning ip 210.131.2.67 ():
978 WebCrawling domain's web servers... up to 50 max links.
979
980 + URL to crawl: http://www.logitem.co.jp.
981 + Date: 2019-08-01
982
983 + Crawling URL: http://www.logitem.co.jp.:
984 + Links:
1035 + Searching for directories...
1158 + Searching open folders...
1232 - http://www.logitem.co.jp./img/service/others/ (404 Not Found)
1233 - http://www.logitem.co.jp./img/service/global/ (404 Not Found)
1234 - http://www.logitem.co.jp./img/recruit/seniors/ (404 Not Found)
1235 - http://www.logitem.co.jp./img/recruit/syokusyu/ (404 Not Found)
1236 - http://www.logitem.co.jp./img/recruit/gyokai/ (404 Not Found)
1237 - http://www.logitem.co.jp./img/recruit/visit/ (404 Not Found)
1238 - http://www.logitem.co.jp./img/recruit/requested/ (404 Not Found)
1239 - http://www.logitem.co.jp./img/recruit/education/ (404 Not Found)
1240 - http://www.logitem.co.jp./img/recruit/faq/ (404 Not Found)
1241 - http://www.logitem.co.jp./img/recruit/outline/ (404 Not Found)
1242 - http://www.logitem.co.jp./img/recruit/flow/ (404 Not Found)
1243 - http://www.logitem.co.jp./img/recruit/career/ (404 Not Found)
1244 - http://www.logitem.co.jp./img/ir/movie/ (404 Not Found)
1245 - http://www.logitem.co.jp./img/ir/library/pdf/article/2012/ (404 Not Found)
1246 - http://www.logitem.co.jp./img/ir/library/pdf/article/2011/ (404 Not Found)
1247 - http://www.logitem.co.jp./img/ir/library/pdf/article/2010/ (404 Not Found)
1248 - http://www.logitem.co.jp./img/ir/library/pdf/article/2009/ (404 Not Found)
1249 - http://www.logitem.co.jp./img/ir/library/pdf/article/2008/ (404 Not Found)
1250 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/ (404 Not Found)
1251 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2019/ (404 Not Found)
1252 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2018/ (404 Not Found)
1253 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2017/ (404 Not Found)
1254 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2016/ (404 Not Found)
1255 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2015/ (404 Not Found)
1256 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2014/ (404 Not Found)
1257 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2013/ (404 Not Found)
1258 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2012/ (404 Not Found)
1259 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2011/ (404 Not Found)
1260 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2010/ (404 Not Found)
1261 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2009/ (404 Not Found)
1262 - http://www.logitem.co.jp./img/ir/library/pdf/briefing/2008/ (404 Not Found)
1263 - http://www.logitem.co.jp./img/ir/library/pdf/report/2019/ (404 Not Found)
1264 - http://www.logitem.co.jp./img/ir/library/pdf/report/2013/ (404 Not Found)
1265 - http://www.logitem.co.jp./img/ir/library/pdf/report/2012/ (404 Not Found)
1266 - http://www.logitem.co.jp./img/ir/library/pdf/report/2011/ (404 Not Found)
1267 - http://www.logitem.co.jp./img/ir/library/pdf/report/2010/ (404 Not Found)
1268 - http://www.logitem.co.jp./img/ir/library/pdf/report/2009/ (404 Not Found)
1269 - http://www.logitem.co.jp./img/ir/library/pdf/report/2008/ (404 Not Found)
1270 - http://www.logitem.co.jp./img/ir/library/pdf/other/2013/ (404 Not Found)
1271 - http://www.logitem.co.jp./img/ir/library/pdf/other/2012/ (404 Not Found)
1272 - http://www.logitem.co.jp./img/ir/library/pdf/other/2011/ (404 Not Found)
1273 - http://www.logitem.co.jp./img/ir/library/pdf/other/2010/ (404 Not Found)
1274 - http://www.logitem.co.jp./img/ir/library/pdf/other/2009/ (404 Not Found)
1275 - http://www.logitem.co.jp./img/ir/library/pdf/other/2008/ (404 Not Found)
1276 - http://www.logitem.co.jp./img/ir/calendar/ (404 Not Found)
1277 - http://www.logitem.co.jp./img/ir/info/ (404 Not Found)
1278 - http://www.logitem.co.jp./img/ir/stockholder/ (404 Not Found)
1279 - http://www.logitem.co.jp./img/ir/about/ (404 Not Found)
1280 - http://www.logitem.co.jp./img/ir/faq/ (404 Not Found)
+ Crawl finished successfully.
----------------------------------------------------------------------
Summary of http://http://www.logitem.co.jp.
----------------------------------------------------------------------
+ Links crawled:
 Total links crawled: 50

+ Links to files found:
1711 - http://www.logitem.co.jp./img/ir/library/pdf/report/2016/2016jihou.pdf
1712 - http://www.logitem.co.jp./img/ir/library/pdf/report/2017/2017cyuukanjihou.pdf
1713 - http://www.logitem.co.jp./img/ir/library/pdf/report/2017/2017jihou.pdf
1714 - http://www.logitem.co.jp./img/ir/library/pdf/report/2018/2018cyuukanjihou.pdf
1715 - http://www.logitem.co.jp./img/ir/library/pdf/report/2018/2018jihou.pdf
1716 - http://www.logitem.co.jp./img/ir/library/pdf/report/2019/2019cyuukanjihou.pdf
1717 - http://www.logitem.co.jp./img/ir/library/pdf/report/2019/2019jihou.pdf
1718 - http://www.logitem.co.jp./img/ir/message/h3.jpg
1719 - http://www.logitem.co.jp./img/ir/message/pageTop.jpg
1720 - http://www.logitem.co.jp./img/ir/message/pict1.jpg
1721 - http://www.logitem.co.jp./img/ir/movie/2019_setsumeikai.pdf
1722 - http://www.logitem.co.jp./img/ir/movie/btn01.jpg
1723 - http://www.logitem.co.jp./img/ir/movie/btn02.jpg
1724 - http://www.logitem.co.jp./img/ir/movie/h3.jpg
1725 - http://www.logitem.co.jp./img/ir/movie/pict.jpg
1726 - http://www.logitem.co.jp./img/ir/sideBanner01.jpg
1727 - http://www.logitem.co.jp./img/ir/sideBanner02.jpg
1728 - http://www.logitem.co.jp./img/ir/sideDt.jpg
1729 - http://www.logitem.co.jp./img/ir/stockholder/fig01.jpg
1730 - http://www.logitem.co.jp./img/ir/stockholder/fig04.jpg
1731 - http://www.logitem.co.jp./img/ir/stockholder/h3.jpg
1732 - http://www.logitem.co.jp./img/ir/stockholder/h401.jpg
1733 - http://www.logitem.co.jp./img/ir/stockholder/h402.jpg
1734 - http://www.logitem.co.jp./img/ir/stockholder/h403.jpg
1735 - http://www.logitem.co.jp./img/ir/vision/h3.jpg
1736 - http://www.logitem.co.jp./img/ir/vision/h401.jpg
1737 - http://www.logitem.co.jp./img/ir/vision/h402.jpg
1738 - http://www.logitem.co.jp./img/ir/vision/th01-2017.jpg
1739 - http://www.logitem.co.jp./img/ir/vision/th02-2017.jpg
1740 - http://www.logitem.co.jp./img/ir/vision/th03-2017.jpg
1741 - http://www.logitem.co.jp./img/recruit/career/h3.jpg
1742 - http://www.logitem.co.jp./img/recruit/career/h5.jpg
1743 - http://www.logitem.co.jp./img/recruit/education/fig.jpg
1744 - http://www.logitem.co.jp./img/recruit/education/h3.jpg
1745 - http://www.logitem.co.jp./img/recruit/faq/h3.jpg
1746 - http://www.logitem.co.jp./img/recruit/flow/flow.jpg
1747 - http://www.logitem.co.jp./img/recruit/flow/h3.jpg
1748 - http://www.logitem.co.jp./img/recruit/gyokai/fig01.jpg
1749 - http://www.logitem.co.jp./img/recruit/gyokai/h3.jpg
1750 - http://www.logitem.co.jp./img/recruit/gyokai/h401.jpg
1751 - http://www.logitem.co.jp./img/recruit/gyokai/h402.jpg
1752 - http://www.logitem.co.jp./img/recruit/gyokai/th01.jpg
1753 - http://www.logitem.co.jp./img/recruit/gyokai/th02.jpg
1754 - http://www.logitem.co.jp./img/recruit/gyokai/th03.jpg
1755 - http://www.logitem.co.jp./img/recruit/gyokai/th04.jpg
1756 - http://www.logitem.co.jp./img/recruit/gyokai/th05.jpg
1757 - http://www.logitem.co.jp./img/recruit/h2.jpg
1758 - http://www.logitem.co.jp./img/recruit/index/btn01.jpg
1759 - http://www.logitem.co.jp./img/recruit/index/btn02.jpg
1760 - http://www.logitem.co.jp./img/recruit/index/btn03.jpg
1761 - http://www.logitem.co.jp./img/recruit/index/btn04.jpg
1762 - http://www.logitem.co.jp./img/recruit/index/btn05.jpg
1763 - http://www.logitem.co.jp./img/recruit/index/btn06.jpg
1764 - http://www.logitem.co.jp./img/recruit/index/btn07.jpg
1765 - http://www.logitem.co.jp./img/recruit/index/dt01.jpg
1766 - http://www.logitem.co.jp./img/recruit/index/dt02.jpg
1767 - http://www.logitem.co.jp./img/recruit/index/h301.jpg
1768 - http://www.logitem.co.jp./img/recruit/index/h302.jpg
1769 - http://www.logitem.co.jp./img/recruit/index/h303.jpg
1770 - http://www.logitem.co.jp./img/recruit/index/h401.jpg
1771 - http://www.logitem.co.jp./img/recruit/index/h402.jpg
1772 - http://www.logitem.co.jp./img/recruit/index/link01.jpg
1773 - http://www.logitem.co.jp./img/recruit/index/link02.jpg
1774 - http://www.logitem.co.jp./img/recruit/index/link03.jpg
1775 - http://www.logitem.co.jp./img/recruit/index/link04.jpg
1776 - http://www.logitem.co.jp./img/recruit/index/link05.jpg
1777 - http://www.logitem.co.jp./img/recruit/index/link06.jpg
1778 - http://www.logitem.co.jp./img/recruit/index/link07.jpg
1779 - http://www.logitem.co.jp./img/recruit/index/pict01.jpg
1780 - http://www.logitem.co.jp./img/recruit/index/pict02.jpg
1781 - http://www.logitem.co.jp./img/recruit/outline/h3.jpg
1782 - http://www.logitem.co.jp./img/recruit/requested/fig.jpg
1783 - http://www.logitem.co.jp./img/recruit/requested/h3.jpg
1784 - http://www.logitem.co.jp./img/recruit/requested/pict.jpg
1785 - http://www.logitem.co.jp./img/recruit/seniors/h3.jpg
1786 - http://www.logitem.co.jp./img/recruit/seniors/link01.jpg
1787 - http://www.logitem.co.jp./img/recruit/seniors/link03.jpg
1788 - http://www.logitem.co.jp./img/recruit/seniors/link04.jpg
1789 - http://www.logitem.co.jp./img/recruit/sideDt.jpg
1790 - http://www.logitem.co.jp./img/recruit/syokusyu/h3.jpg
1791 - http://www.logitem.co.jp./img/recruit/syokusyu/h4-1.jpg
1792 - http://www.logitem.co.jp./img/recruit/syokusyu/h4-2.jpg
1793 - http://www.logitem.co.jp./img/recruit/syokusyu/h4-3.jpg
1794 - http://www.logitem.co.jp./img/recruit/visit/h3.jpg
1795 - http://www.logitem.co.jp./img/recruit/visit/h401.jpg
1796 - http://www.logitem.co.jp./img/recruit/visit/h402.jpg
1797 - http://www.logitem.co.jp./img/recruit/visit/pict01.jpg
1798 - http://www.logitem.co.jp./img/recruit/visit/pict02.jpg
1799 - http://www.logitem.co.jp./img/recruit/visit/pict03.jpg
1800 - http://www.logitem.co.jp./img/recruit/visit/pict04.jpg
1801 - http://www.logitem.co.jp./img/recruit/visit/pict05.jpg
1802 - http://www.logitem.co.jp./img/recruit/visit/pict06.jpg
1803 - http://www.logitem.co.jp./img/recruit/visit/pict07.jpg
1804 - http://www.logitem.co.jp./img/recruit/visit/pict08.jpg
1805 - http://www.logitem.co.jp./img/recruit/visit/pict09.jpg
1806 - http://www.logitem.co.jp./img/recruit/visit/pict10.jpg
1807 - http://www.logitem.co.jp./img/recruit/visit/pict11.jpg
1808 - http://www.logitem.co.jp./img/recruit/visit/pict12.jpg
1809 - http://www.logitem.co.jp./img/service/3pl/btn.jpg
1810 - http://www.logitem.co.jp./img/service/3pl/fig01.jpg
1811 - http://www.logitem.co.jp./img/service/3pl/fig02.jpg
1812 - http://www.logitem.co.jp./img/service/3pl/h3.jpg
1813 - http://www.logitem.co.jp./img/service/3pl/h401.jpg
1814 - http://www.logitem.co.jp./img/service/3pl/h402.jpg
1815 - http://www.logitem.co.jp./img/service/3pl/h403.jpg
1816 - http://www.logitem.co.jp./img/service/3pl/h404.jpg
1817 - http://www.logitem.co.jp./img/service/3pl/pict01.jpg
1818 - http://www.logitem.co.jp./img/service/3pl/pict02.jpg
1819 - http://www.logitem.co.jp./img/service/3pl/pict03.jpg
1820 - http://www.logitem.co.jp./img/service/3pl/pict04.jpg
1821 - http://www.logitem.co.jp./img/service/3pl/pict05.jpg
1822 - http://www.logitem.co.jp./img/service/3pl/pict06.jpg
1823 - http://www.logitem.co.jp./img/service/3pl/pict07.jpg
1824 - http://www.logitem.co.jp./img/service/3pl/pict08.jpg
1825 - http://www.logitem.co.jp./img/service/center_m/btn01.jpg
1826 - http://www.logitem.co.jp./img/service/center_m/btn02.jpg
1827 - http://www.logitem.co.jp./img/service/center_m/h3.jpg
1828 - http://www.logitem.co.jp./img/service/center_m/h401.jpg
1829 - http://www.logitem.co.jp./img/service/center_m/h402.jpg
1830 - http://www.logitem.co.jp./img/service/center_m/h501.jpg
1831 - http://www.logitem.co.jp./img/service/center_m/h502.jpg
1832 - http://www.logitem.co.jp./img/service/center_m/h503.jpg
1833 - http://www.logitem.co.jp./img/service/center_m/h504.jpg
1834 - http://www.logitem.co.jp./img/service/center_m/pict01.jpg
1835 - http://www.logitem.co.jp./img/service/center_m/pict02.jpg
1836 - http://www.logitem.co.jp./img/service/center_m/pict03.jpg
1837 - http://www.logitem.co.jp./img/service/center_m/pict04.jpg
1838 - http://www.logitem.co.jp./img/service/center_m/pict05.jpg
1839 - http://www.logitem.co.jp./img/service/center_m/pict06.jpg
1840 - http://www.logitem.co.jp./img/service/center_m/pict07.jpg
1841 - http://www.logitem.co.jp./img/service/center_m/pict08.jpg
1842 - http://www.logitem.co.jp./img/service/center_m/pict09.jpg
1843 - http://www.logitem.co.jp./img/service/center_m/pict10.jpg
1844 - http://www.logitem.co.jp./img/service/center_m/pict11.jpg
1845 - http://www.logitem.co.jp./img/service/center_re/btn01.jpg
1846 - http://www.logitem.co.jp./img/service/center_re/h3.jpg
1847 - http://www.logitem.co.jp./img/service/center_re/h4.jpg
1848 - http://www.logitem.co.jp./img/service/center_re/h501.jpg
1849 - http://www.logitem.co.jp./img/service/center_re/h502.jpg
1850 - http://www.logitem.co.jp./img/service/center_re/pict01.jpg
1851 - http://www.logitem.co.jp./img/service/center_re/pict02.jpg
1852 - http://www.logitem.co.jp./img/service/center_re/pict03.jpg
1853 - http://www.logitem.co.jp./img/service/center_re/pict04.jpg
1854 - http://www.logitem.co.jp./img/service/center_re/pict05.jpg
1855 - http://www.logitem.co.jp./img/service/center_re/pict06.jpg
1856 - http://www.logitem.co.jp./img/service/center_re/pict07.jpg
1857 - http://www.logitem.co.jp./img/service/center_re/pict08.jpg
1858 - http://www.logitem.co.jp./img/service/center_re/pict09.jpg
1859 - http://www.logitem.co.jp./img/service/center_re/pict10.jpg
1860 - http://www.logitem.co.jp./img/service/center_re/pict11.jpg
1861 - http://www.logitem.co.jp./img/service/center_re/pict12.jpg
1862 - http://www.logitem.co.jp./img/service/center_re/pict13.jpg
1863 - http://www.logitem.co.jp./img/service/center_re/pict14.jpg
1864 - http://www.logitem.co.jp./img/service/center_re/pict14big.jpg
1865 - http://www.logitem.co.jp./img/service/center_re/pict15.jpg
1866 - http://www.logitem.co.jp./img/service/center_re/pict15big.jpg
1867 - http://www.logitem.co.jp./img/service/center_re/pict16.jpg
1868 - http://www.logitem.co.jp./img/service/global/h3.jpg
1869 - http://www.logitem.co.jp./img/service/global/h4.jpg
1870 - http://www.logitem.co.jp./img/service/global/map1.jpg
1871 - http://www.logitem.co.jp./img/service/global/movie.jpg
1872 - http://www.logitem.co.jp./img/service/global/pict02.jpg
1873 - http://www.logitem.co.jp./img/service/global/pict03.jpg
1874 - http://www.logitem.co.jp./img/service/global/pict04.jpg
1875 - http://www.logitem.co.jp./img/service/h2.jpg
1876 - http://www.logitem.co.jp./img/service/index/dt01.jpg
1877 - http://www.logitem.co.jp./img/service/index/dt02.jpg
1878 - http://www.logitem.co.jp./img/service/index/dt03.jpg
1879 - http://www.logitem.co.jp./img/service/index/dt04.jpg
1880 - http://www.logitem.co.jp./img/service/index/dt05.jpg
1881 - http://www.logitem.co.jp./img/service/index/dt06.jpg
1882 - http://www.logitem.co.jp./img/service/index/dt07.jpg
1883 - http://www.logitem.co.jp./img/service/index/movie.jpg
1884 - http://www.logitem.co.jp./img/service/index/movieDt.jpg
1885 - http://www.logitem.co.jp./img/service/index/pict01.jpg
1886 - http://www.logitem.co.jp./img/service/index/pict02.jpg
1887 - http://www.logitem.co.jp./img/service/index/pict03.jpg
1888 - http://www.logitem.co.jp./img/service/index/pict04.jpg
1889 - http://www.logitem.co.jp./img/service/index/pict05.jpg
1890 - http://www.logitem.co.jp./img/service/index/pict06.jpg
1891 - http://www.logitem.co.jp./img/service/index/pict07.jpg
1892 - http://www.logitem.co.jp./img/service/information/btn.jpg
1893 - http://www.logitem.co.jp./img/service/information/h3.jpg
1894 - http://www.logitem.co.jp./img/service/information/h401.jpg
1895 - http://www.logitem.co.jp./img/service/information/h402.jpg
1896 - http://www.logitem.co.jp./img/service/information/h5.jpg
1897 - http://www.logitem.co.jp./img/service/information/pict01.jpg
1898 - http://www.logitem.co.jp./img/service/information/pict01big.jpg
1899 - http://www.logitem.co.jp./img/service/information/pict02.jpg
1900 - http://www.logitem.co.jp./img/service/information/pict03.jpg
1901 - http://www.logitem.co.jp./img/service/information/pict03big.jpg
1902 - http://www.logitem.co.jp./img/service/information/pict04.jpg
1903 - http://www.logitem.co.jp./img/service/others/btn02.jpg
1904 - http://www.logitem.co.jp./img/service/others/btn03.jpg
1905 - http://www.logitem.co.jp./img/service/others/btn04.jpg
1906 - http://www.logitem.co.jp./img/service/others/btn05.jpg
1907 - http://www.logitem.co.jp./img/service/others/h3.jpg
1908 - http://www.logitem.co.jp./img/service/others/h401.jpg
1909 - http://www.logitem.co.jp./img/service/others/h402.jpg
1910 - http://www.logitem.co.jp./img/service/others/h403.jpg
1911 - http://www.logitem.co.jp./img/service/others/h404.jpg
1912 - http://www.logitem.co.jp./img/service/others/h405.jpg
1913 - http://www.logitem.co.jp./img/service/others/pict01.jpg
1914 - http://www.logitem.co.jp./img/service/others/pict02.jpg
1915 - http://www.logitem.co.jp./img/service/others/pict03.jpg
1916 - http://www.logitem.co.jp./img/service/others/pict04.jpg
1917 - http://www.logitem.co.jp./img/service/others/pict05.jpg
1918 - http://www.logitem.co.jp./img/service/others/pict06.jpg
1919 - http://www.logitem.co.jp./img/service/others/pict07.jpg
1920 - http://www.logitem.co.jp./img/service/sideDt.jpg
1921 - http://www.logitem.co.jp./img/service/transportation/btn01.jpg
1922 - http://www.logitem.co.jp./img/service/transportation/btn02.jpg
1923 - http://www.logitem.co.jp./img/service/transportation/btn03.jpg
1924 - http://www.logitem.co.jp./img/service/transportation/btn04.jpg
1925 - http://www.logitem.co.jp./img/service/transportation/btn05.jpg
1926 - http://www.logitem.co.jp./img/service/transportation/btn06.jpg
1927 - http://www.logitem.co.jp./img/service/transportation/h3.jpg
1928 - http://www.logitem.co.jp./img/service/transportation/h401.jpg
1929 - http://www.logitem.co.jp./img/service/transportation/h402.jpg
1930 - http://www.logitem.co.jp./img/service/transportation/h501.jpg
1931 - http://www.logitem.co.jp./img/service/transportation/h502.jpg
1932 - http://www.logitem.co.jp./img/service/transportation/h503.jpg
1933 - http://www.logitem.co.jp./img/service/transportation/h504.jpg
1934 - http://www.logitem.co.jp./img/service/transportation/h505.jpg
1935 - http://www.logitem.co.jp./img/service/transportation/h506.jpg
1936 - http://www.logitem.co.jp./img/service/transportation/pict01.jpg
1937 - http://www.logitem.co.jp./img/service/transportation/pict02.jpg
1938 - http://www.logitem.co.jp./img/service/transportation/pict03.jpg
1939 - http://www.logitem.co.jp./img/service/transportation/pict03big.jpg
1940 - http://www.logitem.co.jp./img/service/transportation/pict04.jpg
1941 - http://www.logitem.co.jp./img/service/transportation/pict05.jpg
1942 - http://www.logitem.co.jp./img/service/transportation/pict06.jpg
1943 - http://www.logitem.co.jp./img/service/transportation/pict07.jpg
1944 - http://www.logitem.co.jp./img/service/transportation/pict07big.jpg
1945 - http://www.logitem.co.jp./img/service/transportation/pict08.jpg
1946 - http://www.logitem.co.jp./img/service/transportation/pict09.jpg
1947 - http://www.logitem.co.jp./img/service/transportation/pict10.jpg
1948 - http://www.logitem.co.jp./img/service/transportation/pict11.jpg
1949 - http://www.logitem.co.jp./img/service/transportation/pict12.jpg
1950 - http://www.logitem.co.jp./img/service/transportation/pict13.jpg
1951 - http://www.logitem.co.jp./js/jquery.flexslider.js
1952 - http://www.logitem.co.jp./js/jquery.js
1953 - http://www.logitem.co.jp./js/jquery.lightbox-0.5.js
1954 - http://www.logitem.co.jp./js/thickbox.js
1955 - http://www.logitem.co.jp./js/util.js
1956 - http://www.logitem.co.jp./news/pdf/0116.pdf
1957 - http://www.logitem.co.jp./news/pdf/20121015.pdf
1958 - http://www.logitem.co.jp./news/pdf/20121212.pdf
1959 - http://www.logitem.co.jp./news/pdf/20121220.pdf
1960 - http://www.logitem.co.jp./news/pdf/20130130.pdf
1961 - http://www.logitem.co.jp./news/pdf/20130214.pdf
1962 - http://www.logitem.co.jp./news/pdf/20130515.pdf
1963 - http://www.logitem.co.jp./news/pdf/20130605.pdf
1964 - http://www.logitem.co.jp./news/pdf/20130626.pdf
1965 - http://www.logitem.co.jp./news/pdf/20130913.pdf
1966 - http://www.logitem.co.jp./news/pdf/20131029.pdf
1967 - http://www.logitem.co.jp./news/pdf/20131114.pdf
1968 - http://www.logitem.co.jp./news/pdf/20131119.pdf
1969 - http://www.logitem.co.jp./news/pdf/20140130.pdf
1970 - http://www.logitem.co.jp./news/pdf/20140204.pdf
1971 - http://www.logitem.co.jp./news/pdf/20140314.pdf
1972 - http://www.logitem.co.jp./news/pdf/20140325.pdf
1973 - http://www.logitem.co.jp./news/pdf/20140428.pdf
1974 - http://www.logitem.co.jp./news/pdf/20140515-1.pdf
1975 - http://www.logitem.co.jp./news/pdf/20140515-2.pdf
1976 - http://www.logitem.co.jp./news/pdf/20140523.pdf
1977 - http://www.logitem.co.jp./news/pdf/20140529.pdf
1978 - http://www.logitem.co.jp./news/pdf/20140617.pdf
1979 - http://www.logitem.co.jp./news/pdf/20140627.pdf
1980 - http://www.logitem.co.jp./news/pdf/20140916-1.pdf
1981 - http://www.logitem.co.jp./news/pdf/20140916-2.pdf
1982 - http://www.logitem.co.jp./news/pdf/20140916-3.pdf
1983 - http://www.logitem.co.jp./news/pdf/20140925.pdf
1984 - http://www.logitem.co.jp./news/pdf/20141030.pdf
1985 - http://www.logitem.co.jp./news/pdf/20141113-2.pdf
1986 - http://www.logitem.co.jp./news/pdf/20141113.pdf
1987 - http://www.logitem.co.jp./news/pdf/20141125.pdf
1988 - http://www.logitem.co.jp./news/pdf/20150130.pdf
1989 - http://www.logitem.co.jp./news/pdf/20150313.pdf
1990 - http://www.logitem.co.jp./news/pdf/20150428-2.pdf
1991 - http://www.logitem.co.jp./news/pdf/20150428.pdf
1992 - http://www.logitem.co.jp./news/pdf/20150515.pdf
1993 - http://www.logitem.co.jp./news/pdf/20150528.pdf
1994 - http://www.logitem.co.jp./news/pdf/20150603.pdf
1995 - http://www.logitem.co.jp./news/pdf/20150626.pdf
1996 - http://www.logitem.co.jp./news/pdf/20150930.pdf
1997 - http://www.logitem.co.jp./news/pdf/20151030-1.pdf
1998 - http://www.logitem.co.jp./news/pdf/20151030-2.pdf
1999 - http://www.logitem.co.jp./news/pdf/20151116.pdf
2000 - http://www.logitem.co.jp./news/pdf/20151124.pdf
2001 - http://www.logitem.co.jp./news/pdf/20160315.pdf
2002 - http://www.logitem.co.jp./news/pdf/20160324.pdf
2003 - http://www.logitem.co.jp./news/pdf/20160428.pdf
2004 - http://www.logitem.co.jp./news/pdf/20160516.pdf
2005 - http://www.logitem.co.jp./news/pdf/20160614.pdf
2006 - http://www.logitem.co.jp./news/pdf/20160629.pdf
2007 - http://www.logitem.co.jp./news/pdf/20160721.pdf
2008 - http://www.logitem.co.jp./news/pdf/20161028-1.pdf
2009 - http://www.logitem.co.jp./news/pdf/20161129.pdf
2010 - http://www.logitem.co.jp./news/pdf/20170119.pdf
2011 - http://www.logitem.co.jp./news/pdf/20170130.pdf
2012 - http://www.logitem.co.jp./news/pdf/20170314.pdf
2013 - http://www.logitem.co.jp./news/pdf/20170428.pdf
2014 - http://www.logitem.co.jp./news/pdf/20170515.pdf
2015 - http://www.logitem.co.jp./news/pdf/20170529.pdf
2016 - http://www.logitem.co.jp./news/pdf/20170629.pdf
2017 - http://www.logitem.co.jp./news/pdf/20171031-01.pdf
2018 - http://www.logitem.co.jp./news/pdf/20171031-02.pdf
2019 - http://www.logitem.co.jp./news/pdf/20171031-03.pdf
2020 - http://www.logitem.co.jp./news/pdf/20171114-01.pdf
2021 - http://www.logitem.co.jp./news/pdf/20171122.pdf
2022 - http://www.logitem.co.jp./news/pdf/20171219-01.pdf
2023 - http://www.logitem.co.jp./news/pdf/20180131.pdf
2024 - http://www.logitem.co.jp./news/pdf/20180308.pdf
2025 - http://www.logitem.co.jp./news/pdf/20180418.pdf
2026 - http://www.logitem.co.jp./news/pdf/20180426.pdf
2027 - http://www.logitem.co.jp./news/pdf/20180427.pdf
2028 - http://www.logitem.co.jp./news/pdf/20180514-01.pdf
2029 - http://www.logitem.co.jp./news/pdf/20180514-02.pdf
2030 - http://www.logitem.co.jp./news/pdf/20180514-03.pdf
2031 - http://www.logitem.co.jp./news/pdf/20180514-04.pdf
2032 - http://www.logitem.co.jp./news/pdf/20180628.pdf
2033 - http://www.logitem.co.jp./news/pdf/20181031-01.pdf
2034 - http://www.logitem.co.jp./news/pdf/20181126.pdf
2035 - http://www.logitem.co.jp./news/pdf/20181130.pdf
2036 - http://www.logitem.co.jp./news/pdf/20190219.pdf
2037 - http://www.logitem.co.jp./news/pdf/20190315.pdf
2038 - http://www.logitem.co.jp./news/pdf/20190426.pdf
2039 - http://www.logitem.co.jp./news/pdf/20190515-01.pdf
2040 - http://www.logitem.co.jp./news/pdf/20190515-02.pdf
2041 - http://www.logitem.co.jp./news/pdf/20190527.pdf
2042 - http://www.logitem.co.jp./news/pdf/20190627.pdf
Total links to files: 704

+ Externals links found:
Total external links: 63

+ Email addresses found:
Total email address found: 0

+ Directories found:
2223 - http://www.logitem.co.jp./img/service/center_m/ (404 Not Found)
2224 - http://www.logitem.co.jp./img/service/center_re/ (404 Not Found)
2225 - http://www.logitem.co.jp./img/service/global/ (404 Not Found)
2226 - http://www.logitem.co.jp./img/service/index/ (404 Not Found)
2227 - http://www.logitem.co.jp./img/service/information/ (404 Not Found)
2228 - http://www.logitem.co.jp./img/service/others/ (404 Not Found)
2229 - http://www.logitem.co.jp./img/service/transportation/ (404 Not Found)
2230 - http://www.logitem.co.jp./info/ (No open folder)
2231 - http://www.logitem.co.jp./ir/ (No open folder)
2232 - http://www.logitem.co.jp./js/ (404 Not Found)
2233 - http://www.logitem.co.jp./news/ (404 Not Found)
2234 - http://www.logitem.co.jp./news/pdf/ (404 Not Found)
2235 - http://www.logitem.co.jp./recruit/ (No open folder)
2236 - http://www.logitem.co.jp./service/ (No open folder)
 Total directories: 122

+ Directory indexing found:
 Total directories with indexing: 0

----------------------------------------------------------------------

 + URL to crawl: http://ns.logitem.co.jp.
 + Date: 2019-08-01

 + Crawling URL: http://ns.logitem.co.jp.:
 + Links:
 + Searching for directories...
 + Searching open folders...
 + Crawl finished successfully.
----------------------------------------------------------------------
Summary of http://http://ns.logitem.co.jp.
----------------------------------------------------------------------
+ Links crawled:
 Total links crawled: 50

+ Links to files found:
2750 - http://ns.logitem.co.jp./img/company/safety/pict02.jpg
2751 - http://ns.logitem.co.jp./img/company/sideDt.jpg
2752 - http://ns.logitem.co.jp./img/group/h2.jpg
2753 - http://ns.logitem.co.jp./img/group/h3.jpg
2754 - http://ns.logitem.co.jp./img/group/sideDt.jpg
2755 - http://ns.logitem.co.jp./img/index/h301.jpg
2756 - http://ns.logitem.co.jp./img/index/h302.jpg
2757 - http://ns.logitem.co.jp./img/index/main01.jpg
2758 - http://ns.logitem.co.jp./img/index/main02.jpg
2759 - http://ns.logitem.co.jp./img/index/main03.jpg
2760 - http://ns.logitem.co.jp./img/index/movieDd01.jpg
2761 - http://ns.logitem.co.jp./img/index/movieDd02.jpg
2762 - http://ns.logitem.co.jp./img/index/movieDd03.jpg
2763 - http://ns.logitem.co.jp./img/index/movieDt.jpg
2764 - http://ns.logitem.co.jp./img/info/btn.jpg
2765 - http://ns.logitem.co.jp./img/info/h2.jpg
2766 - http://ns.logitem.co.jp./img/info/h301.jpg
2767 - http://ns.logitem.co.jp./img/info/h302.jpg
2768 - http://ns.logitem.co.jp./img/info/sitemap/h2.jpg
2769 - http://ns.logitem.co.jp./img/info/sitemap/h3.jpg
2770 - http://ns.logitem.co.jp./img/ir/about/h3.jpg
2771 - http://ns.logitem.co.jp./img/ir/about/h401.jpg
2772 - http://ns.logitem.co.jp./img/ir/about/h402.jpg
2773 - http://ns.logitem.co.jp./img/ir/about/h501.jpg
2774 - http://ns.logitem.co.jp./img/ir/about/h502.jpg
2775 - http://ns.logitem.co.jp./img/ir/about/h503.jpg
2776 - http://ns.logitem.co.jp./img/ir/about/h504.jpg
2777 - http://ns.logitem.co.jp./img/ir/about/h505.jpg
2778 - http://ns.logitem.co.jp./img/ir/about/image027.gif
2779 - http://ns.logitem.co.jp./img/ir/about/image028.gif
2780 - http://ns.logitem.co.jp./img/ir/calendar/h3.jpg
2781 - http://ns.logitem.co.jp./img/ir/calendar/h401.jpg
2782 - http://ns.logitem.co.jp./img/ir/calendar/h408.jpg
2783 - http://ns.logitem.co.jp./img/ir/corporate/fig2018.6.28.jpg
2784 - http://ns.logitem.co.jp./img/ir/corporate/h3.jpg
2785 - http://ns.logitem.co.jp./img/ir/corporate/pdf04.pdf
2786 - http://ns.logitem.co.jp./img/ir/corporate/pdf05.pdf
2787 - http://ns.logitem.co.jp./img/ir/corporate/pdf07.pdf
2788 - http://ns.logitem.co.jp./img/ir/corporate/pdf09.pdf
2789 - http://ns.logitem.co.jp./img/ir/corporate/pdf10.pdf
2790 - http://ns.logitem.co.jp./img/ir/corporate/pdf11.pdf
2791 - http://ns.logitem.co.jp./img/ir/corporate/pdf13.pdf
2792 - http://ns.logitem.co.jp./img/ir/corporate/pdf14.pdf
2793 - http://ns.logitem.co.jp./img/ir/corporate/pdf15.pdf
2794 - http://ns.logitem.co.jp./img/ir/faq/h3.jpg
2795 - http://ns.logitem.co.jp./img/ir/h2.jpg
2796 - http://ns.logitem.co.jp./img/ir/highlight/h3.jpg
2797 - http://ns.logitem.co.jp./img/ir/highlight/h401.jpg
2798 - http://ns.logitem.co.jp./img/ir/highlight/h402.jpg
2799 - http://ns.logitem.co.jp./img/ir/highlight/h403.jpg
2800 - http://ns.logitem.co.jp./img/ir/highlight/h404.jpg
2801 - http://ns.logitem.co.jp./img/ir/highlight/h405.gif
2802 - http://ns.logitem.co.jp./img/ir/highlight/h501.jpg
2803 - http://ns.logitem.co.jp./img/ir/highlight/h502.jpg
2804 - http://ns.logitem.co.jp./img/ir/highlight/h503.gif
2805 - http://ns.logitem.co.jp./img/ir/highlight/image001-2019.gif
2806 - http://ns.logitem.co.jp./img/ir/highlight/image002-2019.gif
2807 - http://ns.logitem.co.jp./img/ir/highlight/image003-2019.gif
2808 - http://ns.logitem.co.jp./img/ir/highlight/image004-2019.gif
2809 - http://ns.logitem.co.jp./img/ir/highlight/image005-2019.gif
2810 - http://ns.logitem.co.jp./img/ir/highlight/image006-2019.gif
2811 - http://ns.logitem.co.jp./img/ir/highlight/image007-2019.gif
2812 - http://ns.logitem.co.jp./img/ir/highlight/image008-2019.gif
2813 - http://ns.logitem.co.jp./img/ir/highlight/image009-2019.gif
2814 - http://ns.logitem.co.jp./img/ir/highlight/image010-2019.gif
2815 - http://ns.logitem.co.jp./img/ir/highlight/image011-2019.gif
2816 - http://ns.logitem.co.jp./img/ir/highlight/image012-2019.gif
2817 - http://ns.logitem.co.jp./img/ir/highlight/image013-2019.gif
2818 - http://ns.logitem.co.jp./img/ir/highlight/image014-2019.gif
2819 - http://ns.logitem.co.jp./img/ir/highlight/image015-2019.gif
2820 - http://ns.logitem.co.jp./img/ir/highlight/image016-2019.gif
2821 - http://ns.logitem.co.jp./img/ir/highlight/image017-2019.gif
2822 - http://ns.logitem.co.jp./img/ir/highlight/image018-2019.gif
2823 - http://ns.logitem.co.jp./img/ir/highlight/image019-2019.gif
2824 - http://ns.logitem.co.jp./img/ir/highlight/image020-2019.gif
2825 - http://ns.logitem.co.jp./img/ir/highlight/image021-2019.gif
2826 - http://ns.logitem.co.jp./img/ir/highlight/image022-2019.gif
2827 - http://ns.logitem.co.jp./img/ir/highlight/image023-2019.gif
2828 - http://ns.logitem.co.jp./img/ir/highlight/image024-2019.gif
2829 - http://ns.logitem.co.jp./img/ir/index/banner01.jpg
2830 - http://ns.logitem.co.jp./img/ir/index/banner02.jpg
2831 - http://ns.logitem.co.jp./img/ir/index/banner03.jpg
2832 - http://ns.logitem.co.jp./img/ir/index/dt01.jpg
2833 - http://ns.logitem.co.jp./img/ir/index/dt02.jpg
2834 - http://ns.logitem.co.jp./img/ir/index/dt03.jpg
2835 - http://ns.logitem.co.jp./img/ir/index/h3.jpg
2836 - http://ns.logitem.co.jp./img/ir/index/pdf.jpg
2837 - http://ns.logitem.co.jp./img/ir/info/h3.jpg
2838 - http://ns.logitem.co.jp./img/ir/info/h401.jpg
2839 - http://ns.logitem.co.jp./img/ir/info/h402.jpg
2840 - http://ns.logitem.co.jp./img/ir/library/btn.jpg
2841 - http://ns.logitem.co.jp./img/ir/library/h3.jpg
2842 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2008/2008_1Q_kessan.pdf
2843 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2008/2008_2Q_kessan.pdf
2844 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2008/2008_3Q_kessan.pdf
2845 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2008/2008kessan.pdf
2846 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2009/2009_1Q_kessan.pdf
2847 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2009/2009_2Q_kessan.pdf
2848 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2009/2009_3Q_kessan.pdf
2849 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2009/2009kessan.pdf
2850 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2010/2010_1Q_kessan.pdf
2851 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2010/2010_2Q_kessan.pdf
2852 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2010/2010_3Q_kessan.pdf
2853 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2010/2010kessan.pdf
2854 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2011/2011_1Q_kessan.pdf
2855 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2011/2011_2Q_kessan.pdf
2856 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2011/2011_3Q_kessan.pdf
2857 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2011/2011kessan.pdf
2858 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2012/2012_1Q_kessan.pdf
2859 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2012/2012_2Q_kessan.pdf
2860 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2012/2012_3Q_kessan.pdf
2861 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2012/2012kessan.pdf
2862 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2013/2013_1Q_kessan.pdf
2863 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2013/2013_2Q_kessan.pdf
2864 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2013/2013_3Q_kessan.pdf
2865 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2013/2013kessan.pdf
2866 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2014/2014_1Q_kessan.pdf
2867 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2014/2014_2Q_kessan.pdf
2868 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2014/2014_3Q_kessan.pdf
2869 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2014/2014kessan.pdf
2870 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2015/2015_1Q_kessan.pdf
2871 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2015/2015_2Q_kessan.pdf
2872 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2015/2015_3Q_kessan.pdf
2873 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2015/2015kessan.pdf
2874 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2016/2016_1Q_kessan.pdf
2875 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2016/2016_2Q_kessan.pdf
2876 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2016/2016_3Q_kessan.pdf
2877 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2016/2016_kessan.pdf
2878 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2017/2017_1Q_kessan.pdf
2879 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2017/2017_2Q_kessan.pdf
2880 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2017/2017_3Q_kessan.pdf
2881 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2017/2017_kessan.pdf
2882 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2018/2018_1Q_kessan.pdf
2883 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2018/2018_2Q_kessan.pdf
2884 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2018/2018_3Q_kessan.pdf
2885 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2018/2018_4Q_kessan.pdf
2886 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2019/2019_1Q_kessan.pdf
2887 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2019/2019_2Q_kessan.pdf
2888 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2019/2019_3Q_kessan.pdf
2889 - http://ns.logitem.co.jp./img/ir/library/pdf/article/2019/2019_4Q_kessan.pdf
2890 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2008/2008_cyuukan_setsumeikai.pdf
2891 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2008/2008_setsumeikai.pdf
2892 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2009/2009_daini_setsumeikai.pdf
2893 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2009/2009_setsumeikai.pdf
2894 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2010/2010_daini_setsumeikai.pdf
2895 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2010/2010_setsumeikai.pdf
2896 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2011/2011_daini_setsumeikai.pdf
2897 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2011/2011_setsumeikai.pdf
2898 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2012/2012_daini_setsumeikai.pdf
2899 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2012/2012_setsumeikai.pdf
2900 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2013/2013_daini_setsumeikai.pdf
2901 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2013/2013_setsumeikai.pdf
2902 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2014/2014_daini_setsumeikai.pdf
2903 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2014/2014_setsumeikai.pdf
2904 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2015/2015_daini_setsumeikai.pdf
2905 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2015/2015_setsumeikai.pdf
2906 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2016/2016_daini_setsumeikai.pdf
2907 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2016/2016_setsumeikai.pdf
2908 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2017/2017_daini_setsumeikai.pdf
2909 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2017/2017_setsumeikai.pdf
2910 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2018/2018_daini_setsumeikai.pdf
2911 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2018/2018_setsumeikai.pdf
2912 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2019/2019_daini_setsumeikai.pdf
2913 - http://ns.logitem.co.jp./img/ir/library/pdf/briefing/2019/2019_setsumeikai.pdf
2914 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2008/2008_pdf01.pdf
2915 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2008/2008_pdf02.pdf
2916 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2009/2009_pdf01.pdf
2917 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2009/2009_pdf02.pdf
2918 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2009/2009_pdf03.pdf
2919 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2009/2009_pdf04.pdf
2920 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2010/2010_pdf01.pdf
2921 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2010/2010_pdf02.pdf
2922 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2010/2010_pdf03.pdf
2923 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2010/2010_pdf04.pdf
2924 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2011/2011_pdf01.pdf
2925 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2011/2011_pdf02.pdf
2926 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2011/2011_pdf03.pdf
2927 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2011/2011_pdf04.pdf
2928 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2012/2012_pdf01.pdf
2929 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2012/2012_pdf02.pdf
2930 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2012/2012_pdf03.pdf
2931 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2012/2012_pdf04.pdf
2932 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2013/2013_pdf01.pdf
2933 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2013/2013_pdf02.pdf
2934 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2013/2013_pdf03.pdf
2935 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2013/2013_pdf04.pdf
2936 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2014/2014_pdf01.pdf
2937 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2014/2014_pdf02.pdf
2938 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2014/2014_pdf03.pdf
2939 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2014/2014_pdf04.pdf
2940 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2015/2015_pdf01.pdf
2941 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2015/2015_pdf02.pdf
2942 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2015/2015_pdf03.pdf
2943 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2015/2015_pdf04.pdf
2944 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2016/2016_pdf01.pdf
2945 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2016/2016_pdf02.pdf
2946 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2016/2016_pdf03.pdf
2947 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2016/2016_pdf04.pdf
2948 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2017/2017_pdf01.pdf
2949 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2017/2017_pdf02.pdf
2950 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2017/2017_pdf03.pdf
2951 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2017/2017_pdf04.pdf
2952 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2018/2018_pdf01.pdf
2953 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2018/2018_pdf02.pdf
2954 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2018/2018_pdf03.pdf
2955 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2018/2018_pdf04.pdf
2956 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2019/2019_pdf01.pdf
2957 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2019/2019_pdf02.pdf
2958 - http://ns.logitem.co.jp./img/ir/library/pdf/other/2019/2019_pdf03.pdf
2959 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2008/2008cyuukanjihou.pdf
2960 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2008/2008jihou.pdf
2961 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2009/2009cyuukanjihou.pdf
2962 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2009/2009jihou.pdf
2963 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2010/2010cyuukanjihou.pdf
2964 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2010/2010jihou.pdf
2965 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2011/2011cyuukanjihou.pdf
2966 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2011/2011jihou.pdf
2967 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2012/2012cyuukanjihou.pdf
2968 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2012/2012jihou.pdf
2969 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2013/2013cyuukanjihou.pdf
2970 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2013/2013jihou.pdf
2971 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2014/2014cyuukanjihou.pdf
2972 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2014/2014jihou.pdf
2973 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2015/2015cyuukanjihou.pdf
2974 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2015/2015jihou.pdf
2975 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2016/2016cyuukanjihou.pdf
2976 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2016/2016jihou.pdf
2977 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2017/2017cyuukanjihou.pdf
2978 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2017/2017jihou.pdf
2979 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2018/2018cyuukanjihou.pdf
2980 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2018/2018jihou.pdf
2981 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2019/2019cyuukanjihou.pdf
2982 - http://ns.logitem.co.jp./img/ir/library/pdf/report/2019/2019jihou.pdf
2983 - http://ns.logitem.co.jp./img/ir/message/h3.jpg
2984 - http://ns.logitem.co.jp./img/ir/message/pageTop.jpg
2985 - http://ns.logitem.co.jp./img/ir/message/pict1.jpg
2986 - http://ns.logitem.co.jp./img/ir/movie/2019_setsumeikai.pdf
2987 - http://ns.logitem.co.jp./img/ir/movie/btn01.jpg
2988 - http://ns.logitem.co.jp./img/ir/movie/btn02.jpg
2989 - http://ns.logitem.co.jp./img/ir/movie/h3.jpg
2990 - http://ns.logitem.co.jp./img/ir/movie/pict.jpg
2991 - http://ns.logitem.co.jp./img/ir/sideBanner01.jpg
2992 - http://ns.logitem.co.jp./img/ir/sideBanner02.jpg
2993 - http://ns.logitem.co.jp./img/ir/sideDt.jpg
2994 - http://ns.logitem.co.jp./img/ir/stockholder/fig01.jpg
2995 - http://ns.logitem.co.jp./img/ir/stockholder/fig04.jpg
2996 - http://ns.logitem.co.jp./img/ir/stockholder/h3.jpg
2997 - http://ns.logitem.co.jp./img/ir/stockholder/h401.jpg
2998 - http://ns.logitem.co.jp./img/ir/stockholder/h402.jpg
2999 - http://ns.logitem.co.jp./img/ir/stockholder/h403.jpg
3000 - http://ns.logitem.co.jp./img/ir/vision/h3.jpg
3001 - http://ns.logitem.co.jp./img/ir/vision/h401.jpg
3002 - http://ns.logitem.co.jp./img/ir/vision/h402.jpg
3003 - http://ns.logitem.co.jp./img/ir/vision/th01-2017.jpg
3004 - http://ns.logitem.co.jp./img/ir/vision/th02-2017.jpg
3005 - http://ns.logitem.co.jp./img/ir/vision/th03-2017.jpg
3006 - http://ns.logitem.co.jp./img/recruit/career/h3.jpg
3007 - http://ns.logitem.co.jp./img/recruit/career/h5.jpg
3008 - http://ns.logitem.co.jp./img/recruit/education/fig.jpg
3009 - http://ns.logitem.co.jp./img/recruit/education/h3.jpg
3010 - http://ns.logitem.co.jp./img/recruit/faq/h3.jpg
3011 - http://ns.logitem.co.jp./img/recruit/flow/flow.jpg
3012 - http://ns.logitem.co.jp./img/recruit/flow/h3.jpg
3013 - http://ns.logitem.co.jp./img/recruit/gyokai/fig01.jpg
3014 - http://ns.logitem.co.jp./img/recruit/gyokai/h3.jpg
3015 - http://ns.logitem.co.jp./img/recruit/gyokai/h401.jpg
3016 - http://ns.logitem.co.jp./img/recruit/gyokai/h402.jpg
3017 - http://ns.logitem.co.jp./img/recruit/gyokai/th01.jpg
3018 - http://ns.logitem.co.jp./img/recruit/gyokai/th02.jpg
3019 - http://ns.logitem.co.jp./img/recruit/gyokai/th03.jpg
3020 - http://ns.logitem.co.jp./img/recruit/gyokai/th04.jpg
3021 - http://ns.logitem.co.jp./img/recruit/gyokai/th05.jpg
3022 - http://ns.logitem.co.jp./img/recruit/h2.jpg
3023 - http://ns.logitem.co.jp./img/recruit/index/btn01.jpg
3024 - http://ns.logitem.co.jp./img/recruit/index/btn02.jpg
3025 - http://ns.logitem.co.jp./img/recruit/index/btn03.jpg
3026 - http://ns.logitem.co.jp./img/recruit/index/btn04.jpg
3027 - http://ns.logitem.co.jp./img/recruit/index/btn05.jpg
3028 - http://ns.logitem.co.jp./img/recruit/index/btn06.jpg
3029 - http://ns.logitem.co.jp./img/recruit/index/btn07.jpg
3030 - http://ns.logitem.co.jp./img/recruit/index/dt01.jpg
3031 - http://ns.logitem.co.jp./img/recruit/index/dt02.jpg
3032 - http://ns.logitem.co.jp./img/recruit/index/h301.jpg
3033 - http://ns.logitem.co.jp./img/recruit/index/h302.jpg
3034 - http://ns.logitem.co.jp./img/recruit/index/h303.jpg
3035 - http://ns.logitem.co.jp./img/recruit/index/h401.jpg
3036 - http://ns.logitem.co.jp./img/recruit/index/h402.jpg
3037 - http://ns.logitem.co.jp./img/recruit/index/link01.jpg
3038 - http://ns.logitem.co.jp./img/recruit/index/link02.jpg
3039 - http://ns.logitem.co.jp./img/recruit/index/link03.jpg
3040 - http://ns.logitem.co.jp./img/recruit/index/link04.jpg
3041 - http://ns.logitem.co.jp./img/recruit/index/link05.jpg
3042 - http://ns.logitem.co.jp./img/recruit/index/link06.jpg
3043 - http://ns.logitem.co.jp./img/recruit/index/link07.jpg
3044 - http://ns.logitem.co.jp./img/recruit/index/pict01.jpg
3045 - http://ns.logitem.co.jp./img/recruit/index/pict02.jpg
3046 - http://ns.logitem.co.jp./img/recruit/outline/h3.jpg
3047 - http://ns.logitem.co.jp./img/recruit/requested/fig.jpg
3048 - http://ns.logitem.co.jp./img/recruit/requested/h3.jpg
3049 - http://ns.logitem.co.jp./img/recruit/requested/pict.jpg
3050 - http://ns.logitem.co.jp./img/recruit/seniors/h3.jpg
3051 - http://ns.logitem.co.jp./img/recruit/seniors/link01.jpg
3052 - http://ns.logitem.co.jp./img/recruit/seniors/link03.jpg
3053 - http://ns.logitem.co.jp./img/recruit/seniors/link04.jpg
3054 - http://ns.logitem.co.jp./img/recruit/sideDt.jpg
3055 - http://ns.logitem.co.jp./img/recruit/syokusyu/h3.jpg
3056 - http://ns.logitem.co.jp./img/recruit/syokusyu/h4-1.jpg
3057 - http://ns.logitem.co.jp./img/recruit/syokusyu/h4-2.jpg
3058 - http://ns.logitem.co.jp./img/recruit/syokusyu/h4-3.jpg
3059 - http://ns.logitem.co.jp./img/recruit/visit/h3.jpg
3060 - http://ns.logitem.co.jp./img/recruit/visit/h401.jpg
3061 - http://ns.logitem.co.jp./img/recruit/visit/h402.jpg
3062 - http://ns.logitem.co.jp./img/recruit/visit/pict01.jpg
3063 - http://ns.logitem.co.jp./img/recruit/visit/pict02.jpg
3064 - http://ns.logitem.co.jp./img/recruit/visit/pict03.jpg
3065 - http://ns.logitem.co.jp./img/recruit/visit/pict04.jpg
3066 - http://ns.logitem.co.jp./img/recruit/visit/pict05.jpg
3067 - http://ns.logitem.co.jp./img/recruit/visit/pict06.jpg
3068 - http://ns.logitem.co.jp./img/recruit/visit/pict07.jpg
3069 - http://ns.logitem.co.jp./img/recruit/visit/pict08.jpg
3070 - http://ns.logitem.co.jp./img/recruit/visit/pict09.jpg
3071 - http://ns.logitem.co.jp./img/recruit/visit/pict10.jpg
3072 - http://ns.logitem.co.jp./img/recruit/visit/pict11.jpg
3073 - http://ns.logitem.co.jp./img/recruit/visit/pict12.jpg
3074 - http://ns.logitem.co.jp./img/service/3pl/btn.jpg
3075 - http://ns.logitem.co.jp./img/service/3pl/fig01.jpg
3076 - http://ns.logitem.co.jp./img/service/3pl/fig02.jpg
3077 - http://ns.logitem.co.jp./img/service/3pl/h3.jpg
3078 - http://ns.logitem.co.jp./img/service/3pl/h401.jpg
3079 - http://ns.logitem.co.jp./img/service/3pl/h402.jpg
3080 - http://ns.logitem.co.jp./img/service/3pl/h403.jpg
3081 - http://ns.logitem.co.jp./img/service/3pl/h404.jpg
3082 - http://ns.logitem.co.jp./img/service/3pl/pict01.jpg
3083 - http://ns.logitem.co.jp./img/service/3pl/pict02.jpg
3084 - http://ns.logitem.co.jp./img/service/3pl/pict03.jpg
3085 - http://ns.logitem.co.jp./img/service/3pl/pict04.jpg
3086 - http://ns.logitem.co.jp./img/service/3pl/pict05.jpg
3087 - http://ns.logitem.co.jp./img/service/3pl/pict06.jpg
3088 - http://ns.logitem.co.jp./img/service/3pl/pict07.jpg
3089 - http://ns.logitem.co.jp./img/service/3pl/pict08.jpg
3090 - http://ns.logitem.co.jp./img/service/center_m/btn01.jpg
3091 - http://ns.logitem.co.jp./img/service/center_m/btn02.jpg
3092 - http://ns.logitem.co.jp./img/service/center_m/h3.jpg
3093 - http://ns.logitem.co.jp./img/service/center_m/h401.jpg
3094 - http://ns.logitem.co.jp./img/service/center_m/h402.jpg
3095 - http://ns.logitem.co.jp./img/service/center_m/h501.jpg
3096 - http://ns.logitem.co.jp./img/service/center_m/h502.jpg
3097 - http://ns.logitem.co.jp./img/service/center_m/h503.jpg
3098 - http://ns.logitem.co.jp./img/service/center_m/h504.jpg
3099 - http://ns.logitem.co.jp./img/service/center_m/pict01.jpg
3100 - http://ns.logitem.co.jp./img/service/center_m/pict02.jpg
3101 - http://ns.logitem.co.jp./img/service/center_m/pict03.jpg
3102 - http://ns.logitem.co.jp./img/service/center_m/pict04.jpg
3103 - http://ns.logitem.co.jp./img/service/center_m/pict05.jpg
3104 - http://ns.logitem.co.jp./img/service/center_m/pict06.jpg
3105 - http://ns.logitem.co.jp./img/service/center_m/pict07.jpg
3106 - http://ns.logitem.co.jp./img/service/center_m/pict08.jpg
3107 - http://ns.logitem.co.jp./img/service/center_m/pict09.jpg
3108 - http://ns.logitem.co.jp./img/service/center_m/pict10.jpg
3109 - http://ns.logitem.co.jp./img/service/center_m/pict11.jpg
3110 - http://ns.logitem.co.jp./img/service/center_re/btn01.jpg
3111 - http://ns.logitem.co.jp./img/service/center_re/h3.jpg
3112 - http://ns.logitem.co.jp./img/service/center_re/h4.jpg
3113 - http://ns.logitem.co.jp./img/service/center_re/h501.jpg
3114 - http://ns.logitem.co.jp./img/service/center_re/h502.jpg
3115 - http://ns.logitem.co.jp./img/service/center_re/pict01.jpg
3116 - http://ns.logitem.co.jp./img/service/center_re/pict02.jpg
3117 - http://ns.logitem.co.jp./img/service/center_re/pict03.jpg
3118 - http://ns.logitem.co.jp./img/service/center_re/pict04.jpg
3119 - http://ns.logitem.co.jp./img/service/center_re/pict05.jpg
3120 - http://ns.logitem.co.jp./img/service/center_re/pict06.jpg
3121 - http://ns.logitem.co.jp./img/service/center_re/pict07.jpg
3122 - http://ns.logitem.co.jp./img/service/center_re/pict08.jpg
3123 - http://ns.logitem.co.jp./img/service/center_re/pict09.jpg
3124 - http://ns.logitem.co.jp./img/service/center_re/pict10.jpg
3125 - http://ns.logitem.co.jp./img/service/center_re/pict11.jpg
3126 - http://ns.logitem.co.jp./img/service/center_re/pict12.jpg
3127 - http://ns.logitem.co.jp./img/service/center_re/pict13.jpg
3128 - http://ns.logitem.co.jp./img/service/center_re/pict14.jpg
3129 - http://ns.logitem.co.jp./img/service/center_re/pict14big.jpg
3130 - http://ns.logitem.co.jp./img/service/center_re/pict15.jpg
3131 - http://ns.logitem.co.jp./img/service/center_re/pict15big.jpg
3132 - http://ns.logitem.co.jp./img/service/center_re/pict16.jpg
3133 - http://ns.logitem.co.jp./img/service/global/h3.jpg
3134 - http://ns.logitem.co.jp./img/service/global/h4.jpg
3135 - http://ns.logitem.co.jp./img/service/global/map1.jpg
3136 - http://ns.logitem.co.jp./img/service/global/movie.jpg
3137 - http://ns.logitem.co.jp./img/service/global/pict02.jpg
3138 - http://ns.logitem.co.jp./img/service/global/pict03.jpg
3139 - http://ns.logitem.co.jp./img/service/global/pict04.jpg
3140 - http://ns.logitem.co.jp./img/service/h2.jpg
3141 - http://ns.logitem.co.jp./img/service/index/dt01.jpg
3142 - http://ns.logitem.co.jp./img/service/index/dt02.jpg
3143 - http://ns.logitem.co.jp./img/service/index/dt03.jpg
3144 - http://ns.logitem.co.jp./img/service/index/dt04.jpg
3145 - http://ns.logitem.co.jp./img/service/index/dt05.jpg
3146 - http://ns.logitem.co.jp./img/service/index/dt06.jpg
3147 - http://ns.logitem.co.jp./img/service/index/dt07.jpg
3148 - http://ns.logitem.co.jp./img/service/index/movie.jpg
3149 - http://ns.logitem.co.jp./img/service/index/movieDt.jpg
3150 - http://ns.logitem.co.jp./img/service/index/pict01.jpg
3151 - http://ns.logitem.co.jp./img/service/index/pict02.jpg
3152 - http://ns.logitem.co.jp./img/service/index/pict03.jpg
3153 - http://ns.logitem.co.jp./img/service/index/pict04.jpg
3154 - http://ns.logitem.co.jp./img/service/index/pict05.jpg
3155 - http://ns.logitem.co.jp./img/service/index/pict06.jpg
3156 - http://ns.logitem.co.jp./img/service/index/pict07.jpg
3157 - http://ns.logitem.co.jp./img/service/information/btn.jpg
3158 - http://ns.logitem.co.jp./img/service/information/h3.jpg
3159 - http://ns.logitem.co.jp./img/service/information/h401.jpg
3160 - http://ns.logitem.co.jp./img/service/information/h402.jpg
3161 - http://ns.logitem.co.jp./img/service/information/h5.jpg
3162 - http://ns.logitem.co.jp./img/service/information/pict01.jpg
3163 - http://ns.logitem.co.jp./img/service/information/pict01big.jpg
3164 - http://ns.logitem.co.jp./img/service/information/pict02.jpg
3165 - http://ns.logitem.co.jp./img/service/information/pict03.jpg
3308 Total links to files: 704
3309
3310+ Externals links found:
3374 Total external links: 63
3375
3376+ Email addresses found:
3377 Total email address found: 0
3378
3379+ Directories found:
3502 Total directories: 122
3503
3504+ Directory indexing found:
3505 Total directories with indexing: 0
3506
3507----------------------------------------------------------------------
3508
3509--Finished--
3510Summary information for domain logitem.co.jp.
3511-----------------------------------------
3512
3513 Domain Ips Information:
3514 IP: 202.248.236.200
3515 Type: SPF
3516 Is Active: True (reset ttl 64)
3517 Port: 443/tcp open ssl/http syn-ack ttl 234 Apache httpd
3518 Script Info: | ssl-cert: Subject: commonName=archive.mailgateway.nifcloud.com/organizationName=FUJITSU CLOUD TECHNOLOGIES LIMITED/stateOrProvinceName=Tokyo/countryName=JP
3519 Script Info: | Subject Alternative Name: DNS:archive.mailgateway.nifcloud.com
3520 Script Info: | Issuer: commonName=Cybertrust Japan Public CA G3/organizationName=Cybertrust Japan Co., Ltd./countryName=JP
3521 Script Info: | Public Key type: rsa
3522 Script Info: | Public Key bits: 2048
3523 Script Info: | Signature Algorithm: sha256WithRSAEncryption
3524 Script Info: | Not valid before: 2019-01-28T09:05:52
3525 Script Info: | Not valid after: 2021-01-28T14:59:00
3526 Script Info: | MD5: a97f 61f7 48ad b9bf 4e58 8644 1d22 de5e
3527 Script Info: |_SHA-1: 56fc 2c90 24e6 3c28 9e88 1e9e 2a76 2900 4ef8 428d
3528 Script Info: |_ssl-date: TLS randomness does not represent time
3529 Script Info: Device type: general purpose|broadband router|WAP|printer
3530 IP: 202.248.5.37
3531 HostName: ns01.logitem.co.jp Type: NS
3532 HostName: ns01.outs.web.ad.jp Type: PTR
3533 Country: Japan
3534 Is Active: True (reset ttl 64)
3535 Port: 53/tcp open domain syn-ack ttl 44 (generic dns response: NOTIMP)
3536 Script Info: | fingerprint-strings:
3537 Script Info: | DNSVersionBindReqTCP:
3538 Script Info: | version
3539 Script Info: |_ bind
3540 IP: 202.248.236.202
3541 HostName: mx.mailgateway.nifcloud.com Type: MX
3542 HostName: mx1.mail-filter.nifty.com Type: PTR
3543 Country: Japan
3544 Is Active: True (reset ttl 64)
3545 IP: 210.168.52.41
3546 HostName: www.logitem.co.jp. Type: A
3547 HostName: ns.logitem.co.jp. Type: A
3548 Country: Japan
3549 Is Active: True (reset ttl 64)
3550 Port: 80/tcp open http syn-ack ttl 44 Apache httpd
3551 Script Info: | http-methods:
3552 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
3553 Script Info: |_http-server-header: Apache
3554 Script Info: |_http-title: \xE6\x97\xA5\xE6\x9C\xAC\xE3\x83\xAD\xE3\x82\xB8\xE3\x83\x86\xE3\x83\xA0\xE6\xA0\xAA\xE5\xBC\x8F\xE4\xBC\x9A\xE7\xA4\xBE
3555 Port: 443/tcp open ssl/https? syn-ack ttl 40
3556 Script Info: |_ssl-date: 2019-08-01T23:53:05+00:00; +1s from scanner time.
3557 Script Info: Device type: general purpose|firewall|storage-misc|media device|WAP
3558 IP: 202.248.170.126
3559 HostName: firewall.logitem.co.jp. Type: A
3560 Country: Japan
3561 Is Active: True (reset ttl 64)
3562 IP: 54.238.150.68
3563 Type: SPF
3564 Is Active: True (reset ttl 64)
3565 Port: 110/tcp open pop3 syn-ack ttl 36
3566 Script Info: | fingerprint-strings:
3567 Script Info: | GenericLines, NULL:
3568 Script Info: | +OK webmail001t1c001.syncdot.com ready <4035.1564703692@webmail001t1c001.syncdot.com>
3569 Script Info: | HTTPOptions:
3570 Script Info: | +OK webmail001t1c001.syncdot.com ready <4035.1564703703@webmail001t1c001.syncdot.com>
3571 Script Info: |_ -ERR invalid command
3572 Port: 443/tcp open ssl/http syn-ack ttl 35 Apache httpd
3573 Script Info: | http-methods:
3574 Script Info: |_ Supported Methods: GET HEAD POST
3575 Script Info: |_http-server-header: Apache
3576 Script Info: |_http-title: 400 Bad Request
3577 Script Info: | ssl-cert: Subject: commonName=*.syncdot.com/organizationName=Fujitsu Systems Applications And Support Limited/stateOrProvinceName=MIYAGI/countryName=JP
3578 Script Info: | Subject Alternative Name: DNS:*.syncdot.com, DNS:syncdot.com
3579 Script Info: | Issuer: commonName=JPRS Organization Validation Authority - G2/organizationName=Japan Registry Services Co., Ltd./countryName=JP
3580 Script Info: | Public Key type: rsa
3581 Script Info: | Public Key bits: 2048
3582 Script Info: | Signature Algorithm: sha256WithRSAEncryption
3583 Script Info: | Not valid before: 2018-08-03T07:02:04
3584 Script Info: | Not valid after: 2019-08-31T14:59:59
3585 Script Info: | MD5: a5b4 1261 99c6 4a91 c128 be9e dd47 f96d
3586 Script Info: |_SHA-1: 71b4 3281 ef63 8bed db0a c474 3b01 78c5 9a31 64f7
3587 Script Info: |_ssl-date: 2019-08-01T23:55:20+00:00; +1s from scanner time.
3588 Port: 587/tcp open smtp syn-ack ttl 37 Postfix smtpd
3589 Script Info: |_smtp-commands: webmail001t1c001.syncdot.com, PIPELINING, SIZE 30720000, ETRN, AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
3590 Os Info: Hosts: webmail001t1c001.syncdot.com, webmail001t1c001.syncdot.com
3591 IP: 202.248.236.208
3592 Type: SPF
3593 Is Active: True (reset ttl 64)
3594 Port: 587/tcp open smtp syn-ack ttl 233 qmail smtpd
3595 Script Info: | smtp-commands: audit1.mail-filter.nifty.com, ENHANCEDSTATUSCODES, PIPELINING, DSN, AUTH=PLAIN LOGIN CRAM-MD5, AUTH PLAIN LOGIN CRAM-MD5, DELIVERBY, HELP,
3596 Script Info: |_ qmail home page: http://pobox.com/~djb/qmail.html
3597 Script Info: Device type: general purpose|broadband router|WAP|printer
3598 Os Info: OS: Unix
3599 IP: 202.248.238.204
3600 Type: SPF
3601 Is Active: True (reset ttl 64)
3602 IP: 202.248.237.20
3603 Type: SPF
3604 Is Active: True (reset ttl 64)
3605 IP: 210.131.2.105
3606 Type: SPF
3607 Is Active: True (reset ttl 64)
3608 IP: 54.238.237.220
3609 Type: SPF
3610 Is Active: True (reset ttl 64)
3611 IP: 202.248.5.5
3612 HostName: ns03.logitem.co.jp Type: NS
3613 HostName: ns03.outs.web.ad.jp Type: PTR
3614 Country: Japan
3615 Is Active: True (reset ttl 64)
3616 Port: 53/tcp open domain syn-ack ttl 42 (generic dns response: NOTIMP)
3617 Script Info: | fingerprint-strings:
3618 Script Info: | DNSVersionBindReqTCP:
3619 Script Info: | version
3620 Script Info: |_ bind
3621 IP: 54.238.200.209
3622 Type: SPF
3623 Is Active: True (reset ttl 64)
3624 Port: 110/tcp open pop3 syn-ack ttl 35
3625 Script Info: | fingerprint-strings:
3626 Script Info: | GenericLines, NULL:
3627 Script Info: | +OK webmail001t1a001.syncdot.com ready <21242.1564703884@webmail001t1a001.syncdot.com>
3628 Script Info: | HTTPOptions:
3629 Script Info: | +OK webmail001t1a001.syncdot.com ready <11864.1564703896@webmail001t1a001.syncdot.com>
3630 Script Info: |_ -ERR invalid command
3631 Port: 443/tcp open ssl/http syn-ack ttl 36 Apache httpd
3632 Script Info: | http-methods:
3633 Script Info: |_ Supported Methods: GET HEAD POST
3634 Script Info: |_http-server-header: Apache
3635 Script Info: |_http-title: 400 Bad Request
3636 Script Info: | ssl-cert: Subject: commonName=*.syncdot.com/organizationName=Fujitsu Systems Applications And Support Limited/stateOrProvinceName=MIYAGI/countryName=JP
3637 Script Info: | Subject Alternative Name: DNS:*.syncdot.com, DNS:syncdot.com
3638 Script Info: | Issuer: commonName=JPRS Organization Validation Authority - G2/organizationName=Japan Registry Services Co., Ltd./countryName=JP
3639 Script Info: | Public Key type: rsa
3640 Script Info: | Public Key bits: 2048
3641 Script Info: | Signature Algorithm: sha256WithRSAEncryption
3642 Script Info: | Not valid before: 2018-08-03T07:02:04
3643 Script Info: | Not valid after: 2019-08-31T14:59:59
3644 Script Info: | MD5: a5b4 1261 99c6 4a91 c128 be9e dd47 f96d
3645 Script Info: |_SHA-1: 71b4 3281 ef63 8bed db0a c474 3b01 78c5 9a31 64f7
3646 Script Info: |_ssl-date: 2019-08-01T23:58:34+00:00; 0s from scanner time.
3647 Port: 587/tcp open smtp syn-ack ttl 35 Postfix smtpd
3648 Script Info: |_smtp-commands: webmail001t1a001.syncdot.com, PIPELINING, SIZE 30720000, ETRN, AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
3649 Os Info: Hosts: webmail001t1a001.syncdot.com, webmail001t1a001.syncdot.com
3650 IP: 54.238.207.248
3651 Type: SPF
3652 Is Active: True (reset ttl 64)
3653 Port: 587/tcp open smtp syn-ack ttl 35 Postfix smtpd
3654 Script Info: |_smtp-commands: archived001t1a001.syncdot.com, PIPELINING, SIZE 32000000, VRFY, ETRN, AUTH GS2-IAKERB GS2-KRB5 SCRAM-SHA-1 GSSAPI GSS-SPNEGO DIGEST-MD5 CRAM-MD5 PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
3655 Os Info: Host: archived001t1a001.syncdot.com
3656 IP: 210.131.2.67
3657 Type: SPF
3658 Is Active: True (reset ttl 64)
3659#####################################################################################################################################
3660Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 19:41 EDT
3661Nmap scan report for 210.168.52.41
3662Host is up (0.45s latency).
3663Not shown: 471 filtered ports, 3 closed ports
3664Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
3665PORT STATE SERVICE
366680/tcp open http
3667443/tcp open https
3668####################################################################################################################################
3669Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 19:43 EDT
3670Nmap scan report for 210.168.52.41
3671Host is up (0.17s latency).
3672Not shown: 2 filtered ports
3673PORT STATE SERVICE
367453/udp open|filtered domain
367567/udp open|filtered dhcps
367668/udp open|filtered dhcpc
367769/udp open|filtered tftp
367888/udp open|filtered kerberos-sec
3679123/udp open|filtered ntp
3680139/udp open|filtered netbios-ssn
3681161/udp open|filtered snmp
3682162/udp open|filtered snmptrap
3683389/udp open|filtered ldap
3684520/udp open|filtered route
36852049/udp open|filtered nfs
3686#######################################################################################################################################
3687Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 19:43 EDT
3688Nmap scan report for 210.168.52.41
3689Host is up.
3690
3691PORT STATE SERVICE VERSION
369267/udp open|filtered dhcps
3693|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
3694Too many fingerprints match this host to give specific OS details
3695
3696TRACEROUTE (using proto 1/icmp)
3697HOP RTT ADDRESS
36981 172.16 ms 10.247.200.1
36992 173.19 ms 213.184.122.97
37003 172.30 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
37014 172.34 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
37025 235.61 ms bzq-219-189-154.dsl.bezeqint.net (62.219.189.154)
37036 231.56 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
37047 298.59 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
37058 359.97 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
37069 471.63 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
370710 ...
370811 455.80 ms 61.206.169.254
370912 454.01 ms 202.93.95.182
371013 453.96 ms 202.93.95.153
371114 456.91 ms 203.141.47.66
371215 453.36 ms 158.205.134.6
371316 456.46 ms 158.205.192.237
371417 470.71 ms 158.205.188.130
371518 454.44 ms 158.205.188.138
371619 454.52 ms 158.205.110.238
371720 ... 30
3718#############################################################################################################################
3719Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 19:45 EDT
3720Nmap scan report for 210.168.52.41
3721Host is up.
3722
3723PORT STATE SERVICE VERSION
372468/udp open|filtered dhcpc
3725Too many fingerprints match this host to give specific OS details
3726
3727TRACEROUTE (using proto 1/icmp)
3728HOP RTT ADDRESS
37291 167.27 ms 10.247.200.1
37302 168.65 ms 213.184.122.97
37313 167.46 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
37324 167.71 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
37335 230.98 ms bzq-219-189-154.dsl.bezeqint.net (62.219.189.154)
37346 226.96 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
37357 294.55 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
37368 355.41 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
37379 466.89 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
373810 ...
373911 454.43 ms 61.206.169.254
374012 446.02 ms 202.93.95.182
374113 446.45 ms 202.93.95.153
374214 449.44 ms 203.141.47.66
374315 459.51 ms 158.205.134.6
374416 453.47 ms 158.205.192.237
374517 456.60 ms 158.205.188.130
374618 449.27 ms 158.205.188.138
374719 454.79 ms 158.205.110.238
374820 ... 30
3749###################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 19:47 EDT
Nmap scan report for 210.168.52.41
Host is up.

PORT STATE SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 169.33 ms 10.247.200.1
2 170.54 ms 213.184.122.97
3 169.40 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 169.60 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
5 234.20 ms bzq-219-189-154.cablep.bezeqint.net (62.219.189.154)
6 228.76 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
7 295.75 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
8 357.21 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
9 468.97 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
10 ...
11 460.90 ms 61.206.169.254
12 449.87 ms 202.93.95.182
13 449.81 ms 202.93.95.153
14 454.62 ms 203.141.47.66
15 452.85 ms 158.205.134.6
16 453.09 ms 158.205.192.237
17 459.84 ms 158.205.188.130
18 478.41 ms 158.205.188.138
19 456.61 ms 158.205.110.238
20 ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 19:49 EDT
Nmap scan report for 210.168.52.41
Host is up (0.42s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
|_http-server-header: Apache
| http-vuln-cve2011-3192:
| VULNERABLE:
| Apache byterange filter DoS
| State: VULNERABLE
| IDs: OSVDB:74721 CVE:CVE-2011-3192
| The Apache web server is vulnerable to a denial of service attack when numerous
| overlapping byte ranges are requested.
| Disclosure date: 2011-08-19
| References:
| http://osvdb.org/74721
| http://seclists.org/fulldisclosure/2011/Aug/175
| http://nessus.org/plugins/index.php?view=single&id=55976
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
| vulscan: VulDB - https://vuldb.com:
4173| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
4174| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
4540| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
4541| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
4542| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
4543| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
4544| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
4938| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
4939| [52894] Apache Tomcat up to 6.0.7 information disclosure
4940| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
4941| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
4942| [52786] Apache Open For Business Project up to 09.04 cross site scripting
4943| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
4944| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
4945| [52584] Apache CouchDB up to 0.10.1 information disclosure
4946| [51757] Apache HTTP Server 2.0.44 cross site scripting
4947| [51756] Apache HTTP Server 2.0.44 spoofing
4948| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
4949| [51690] Apache Tomcat up to 6.0 directory traversal
4950| [51689] Apache Tomcat up to 6.0 information disclosure
4951| [51688] Apache Tomcat up to 6.0 directory traversal
4952| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
4953| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
4954| [50626] Apache Solr 1.0.0 cross site scripting
4955| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
4956| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
4957| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
4958| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
4959| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
4960| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
4961| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
4962| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
4963| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
4964| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
4965| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
4966| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
4967| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
4968| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
4969| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
4970| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
4971| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
4972| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
4973| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
4974| [47214] Apachefriends xampp 1.6.8 spoofing
4975| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
4976| [47162] Apachefriends XAMPP 1.4.4 weak authentication
4977| [47065] Apache Tomcat 4.1.23 cross site scripting
4978| [46834] Apache Tomcat up to 5.5.20 cross site scripting
4979| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
4980| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
4981| [86625] Apache Struts directory traversal
4982| [44461] Apache Tomcat up to 5.5.0 information disclosure
4983| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
4984| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
4985| [43663] Apache Tomcat up to 6.0.16 directory traversal
4986| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
4987| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
4988| [43516] Apache Tomcat up to 4.1.20 directory traversal
4989| [43509] Apache Tomcat up to 6.0.13 cross site scripting
4990| [42637] Apache Tomcat up to 6.0.16 cross site scripting
4991| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
4992| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
4993| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
4994| [40924] Apache Tomcat up to 6.0.15 information disclosure
4995| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
4996| [40922] Apache Tomcat up to 6.0 information disclosure
4997| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
4998| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
4999| [40656] Apache Tomcat 5.5.20 information disclosure
5000| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
5001| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
5002| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
5003| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
5004| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
5005| [40234] Apache Tomcat up to 6.0.15 directory traversal
5006| [40221] Apache HTTP Server 2.2.6 information disclosure
5007| [40027] David Castro Apache Authcas 0.4 sql injection
5008| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
5009| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
5010| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
5011| [39489] Apache Jakarta Slide up to 2.1 directory traversal
5012| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
5013| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
5014| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
5015| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
5016| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
5017| [38524] Apache Geronimo 2.0 unknown vulnerability
5018| [3256] Apache Tomcat up to 6.0.13 cross site scripting
5019| [38331] Apache Tomcat 4.1.24 information disclosure
5020| [38330] Apache Tomcat 4.1.24 information disclosure
5021| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
5022| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
5023| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
5024| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
5025| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
5026| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
5027| [37292] Apache Tomcat up to 5.5.1 cross site scripting
5028| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
5029| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
5030| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
5031| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
5032| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
5033| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
5034| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
5035| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
5036| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
5037| [36225] XAMPP Apache Distribution 1.6.0a sql injection
5038| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
5039| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
5040| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
5041| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
5042| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
5043| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
5044| [34252] Apache HTTP Server denial of service
5045| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
5046| [33877] Apache Opentaps 0.9.3 cross site scripting
5047| [33876] Apache Open For Business Project unknown vulnerability
5048| [33875] Apache Open For Business Project cross site scripting
5049| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
5050| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
5051| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
5052| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
5053| [31663] vbPortal Apache HTTP Server index.php directory traversal
5054| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
5055| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
5056| [30623] Apache James 2.2.0 SMTP Server denial of service
5057| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
5058|
5059| MITRE CVE - https://cve.mitre.org:
5060| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
5061| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
5062| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
5063| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
5064| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
5065| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
5066| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
5067| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
5068| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
5069| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
5070| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
5071| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
5072| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
5073| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
5074| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
5075| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
5076| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
5077| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
5078| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
5079| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
5080| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
5081| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
5082| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
5083| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
5084| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
5085| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
5086| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
5087| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
5088| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
5089| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
5090| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5091| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
5092| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
5093| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
5094| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
5095| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
5096| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
5097| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
5098| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
5099| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
5100| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
5101| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5102| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5103| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5104| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5105| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
5106| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
5107| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
5108| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
5109| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
5110| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
5111| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
5112| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
5113| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
5114| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
5115| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
5116| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
5117| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
5118| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
5119| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
5120| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
5121| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
5122| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
5123| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
5124| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5125| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
5126| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
5127| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
5128| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5129| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
5130| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
5131| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
5132| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
5133| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
5134| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
5135| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
5136| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
5137| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
5138| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
5139| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
5140| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
5141| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
5142| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
5143| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
5144| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
5145| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
5146| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
5147| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
5148| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
5149| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
5150| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
5151| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
5152| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
5153| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
5154| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
5155| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
5156| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
5157| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
5158| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
5159| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5160| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
5161| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
5162| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
5163| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
5164| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
5165| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
5166| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
5167| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
5168| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
5169| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
5170| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
5171| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
5172| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
5173| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
5174| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
5175| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
5176| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
5177| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
5178| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
5179| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
5180| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
5181| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
5182| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
5183| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
5184| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5185| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5186| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
5187| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
5188| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
5189| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
5190| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
5191| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
5192| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
5193| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
5194| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
5195| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
5196| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
5197| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
5198| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
5199| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
5200| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
5201| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
5202| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
5203| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
5204| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
5205| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
5206| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
5207| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
5208| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
5209| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
5210| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
5211| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
5212| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
5213| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
5214| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
5215| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
5216| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
5217| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
5218| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
5219| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
5220| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
5221| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
5222| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
5326| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
5327| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
5328| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
5329| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
5330| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
5331| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
5332| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
5333| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
5334| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
5335| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
5336| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
5337| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
5338| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
5339| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
5340| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
5341| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
5342| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
5343| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
5344| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
5345| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
5346| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
5347| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
5348| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
5349| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
5350| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
5351| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
5352| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
5353| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
5354| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
5355| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
5356| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
5357| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
5358| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
5359| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
5360| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
5361| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
5362| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
5363| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
5364| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
5365| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5366| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5367| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
5368| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
5369| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
5370| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5371| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
5372| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
5373| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
5374| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
5375| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
5376| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
5377| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
5378| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
5379| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5380| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
5381| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
5382| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
5383| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
5384| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
5385| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
5386| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
5387| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
5388| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
5389| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
5390| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
5391| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
5392| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
5393| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
5394| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
5395| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
5396| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
5397| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
5398| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
5399| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
5400| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
5401| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
5402| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
5403| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
5404| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
5405| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
5406| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
5407| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5408| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5409| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
5410| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
5411| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
5412| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5413| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
5414| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
5415| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
5416| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
5417| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
5418| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
5419| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
5420| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
5421| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
5422| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
5423| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
5424| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
5425| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5426| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5427| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5428| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
5429| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
5430| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
5431| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
5432| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
5433| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
5434| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
5435| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5436| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
5437| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5438| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
5439| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
5440| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
5441| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5442| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
5443| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5444| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
5445| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
5446| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5447| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
5448| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
5449| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
5450| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
5451| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
5452| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
5453| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
5454| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
5455| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5456| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
5457| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
5458| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
5459| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
5460| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
5461| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
5462| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
5463| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
5464| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
5465| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
5466| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
5467| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
5468| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
5469| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
5470| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
5471| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
5472| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
5473| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
5474| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
5475| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
5476| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
5477| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5478| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5479| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
5480| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
5481| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
5482| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
5483| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
5484| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
5485| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
5486| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
5487| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
5488| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
5489| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
5490| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
5491| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
5492| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
5493| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
5494| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
5495| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
5496| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
5497| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
5498| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
5499| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
5500| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
5501| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
5502| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5503| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5504| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5505| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
5506| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
5507| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
5508| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
5509| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
5510| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
5511| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
5512| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
5513| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
5514| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
5515| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
5516| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
5517| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
5518| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
5519| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
5520| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5521| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5522| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
5523| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
5524| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
5525| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
5526| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
5527| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
5528| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
5529| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
5530| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
5531| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
5532| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
5533| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
5534| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
5535| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
5536| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
5537| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
5538| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
5539| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
5540| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
5541| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
5542| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
5543| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
5544| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
5545| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
5546| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
5547| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5548| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5549| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
5550| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
5551| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
5552| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
5553| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
5554| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
5555| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
5556| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
5557| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
5558| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
5559| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
5560| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
5561| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
5562| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
5563| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
5564| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
5565| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
5566| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
5567| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
5568| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
5569| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
5570| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
5571| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
5572| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
5573| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
5574| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
5575| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
5576| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
5577| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
5578| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
5579| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
5580| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
5581| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
5582| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
5583| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
5584| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
5585| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
5586| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
5587| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
5588| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
5589| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
5590| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
5591| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
5592| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
5593| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
5594| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5595| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
5596| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
5597| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
5598| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
5599| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
5600| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
5601| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
5602| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
5603| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
5604| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
5605| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
5606| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
5607| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
5608| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
5609| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
5610| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
5611| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
5612| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
5613| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
5614| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
5615| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
5616| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
5617| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
5618| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
5619| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
5620| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
5621| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5622| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
5623| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5624| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
5625| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
5626| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
5627| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
5628| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
5629| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
5630| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
5631| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
5632| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
5633| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
5634| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
5635| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
5636| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
5637| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
5638| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
5639| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
5640| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
5641| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
5642| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
5643| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
5644| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
5645| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
5646| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
5647| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
5648| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
5649| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
5650| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
5651| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
5652| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
5653| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
5654| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5655| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5656| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5657| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5658| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5659| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5660| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5661| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5662| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5663| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5664| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5665| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5666| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5667| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5668| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5669|
5670| SecurityFocus - https://www.securityfocus.com/bid/:
5671| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5672| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5673| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5674| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5675| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5676| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5677| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5678| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5679| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5680| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5681| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5682| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5683| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5684| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5685| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5686| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5687| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5688| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5689| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5690| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5691| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5692| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5693| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5694| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5695| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5696| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5697| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5698| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5699| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5700| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5701| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5702| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5703| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5704| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5705| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5706| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5707| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5708| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5709| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5710| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5711| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5712| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5713| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5714| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5715| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5716| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5717| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5718| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5719| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5720| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5721| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5722| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5723| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5724| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5725| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5726| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5727| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5728| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5729| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5730| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5731| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5732| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5733| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5734| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5735| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5736| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5737| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5738| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5739| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5740| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5741| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
5742| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
5743| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
5744| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
5745| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
5746| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
5747| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
5748| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
5749| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
5750| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
5751| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
5752| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
5753| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
5754| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
5755| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
5756| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
5757| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
5758| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
5759| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
5760| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
5761| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
5762| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
5763| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
5764| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
5765| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
5766| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
5767| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
5768| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
5769| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
5770| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
5771| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
5772| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
5773| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
5774| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
5775| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
5776| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
5777| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
5778| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
5779| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
5780| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
5781| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
5782| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
5783| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
5784| [100447] Apache2Triad Multiple Security Vulnerabilities
5785| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
5786| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
5787| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
5788| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
5789| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
5790| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
5791| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
5792| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
5793| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
5794| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
5795| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
5796| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
5797| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
5798| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
5799| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
5800| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
5801| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
5802| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
5803| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
5804| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
5805| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
5806| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
5807| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
5808| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
5809| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
5810| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
5811| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
5812| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
5813| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
5814| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
5815| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
5816| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
5817| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
5818| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
5819| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
5820| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
5821| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
5822| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
5823| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
5824| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5825| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5826| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5827| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5828| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5829| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5830| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5831| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5832| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5833| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5834| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5835| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5836| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5837| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5838| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5839| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5840| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5841| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5842| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5843| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5844| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5845| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5846| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5847| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5848| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
5849| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
5850| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
5851| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
5852| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
5853| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
5854| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
5855| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
5856| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
5857| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
5858| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
5859| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
5860| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
5861| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
5862| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
5863| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
5864| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
5865| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
5866| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
5867| [95675] Apache Struts Remote Code Execution Vulnerability
5868| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
5869| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
5870| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
5871| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
5872| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
5873| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
5874| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
5875| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
5876| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
5877| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
5878| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
5879| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
5880| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
5881| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
5882| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
5883| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
5884| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
5885| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
5886| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
5887| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
5888| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
5889| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
5890| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
5891| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
5892| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
5893| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
5894| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
5895| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
5896| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
5897| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
5898| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
5899| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
5900| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
5901| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
5902| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
5903| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
5904| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
5905| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
5906| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
5907| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
5908| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
5909| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
5910| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
5911| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
5912| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
5913| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
5914| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
5915| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
5916| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
5917| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
5918| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
5919| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
5920| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
5921| [91736] Apache XML-RPC Multiple Security Vulnerabilities
5922| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
5923| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
5924| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
5925| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
5926| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
5927| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
5928| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
5929| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
5930| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
5931| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
5932| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
5933| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
5934| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
5935| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
5936| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
5937| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
5938| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
5939| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
5940| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
5941| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
5942| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
5943| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
5944| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
5945| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
5946| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
5947| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
5948| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
5949| [90482] Apache CVE-2004-1387 Local Security Vulnerability
5950| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
5951| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
5952| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
5953| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
5954| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
5955| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
5956| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
5957| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
5958| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
5959| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
5960| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
5961| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
5962| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
5963| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
5964| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
5965| [86399] Apache CVE-2007-1743 Local Security Vulnerability
5966| [86397] Apache CVE-2007-1742 Local Security Vulnerability
5967| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
5968| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
5969| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
5970| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
5971| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
5972| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
5973| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
5974| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
5975| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
5976| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
5977| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
5978| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
5979| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
5980| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
5981| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
5982| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
5983| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
5984| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
5985| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
5986| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
5987| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
5988| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
5989| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
5990| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
5991| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
5992| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
5993| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
5994| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
5995| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
5996| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
5997| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
5998| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
5999| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
6000| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
6001| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
6002| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
6003| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
6004| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
6005| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
6006| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
6007| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
6008| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
6009| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
6010| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
6011| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
6012| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
6013| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
6014| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
6015| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
6016| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
6017| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
6018| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
6019| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
6020| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
6021| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
6022| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
6023| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
6024| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
6025| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
6026| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
6027| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
6028| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
6029| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
6030| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
6031| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
6032| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
6033| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
6034| [76933] Apache James Server Unspecified Command Execution Vulnerability
6035| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
6036| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
6037| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
6038| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
6039| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
6040| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
6041| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
6042| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
6043| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
6044| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
6045| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
6046| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
6047| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
6048| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
6049| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
6050| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
6051| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
6052| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
6053| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
6054| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
6055| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
6056| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
6057| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
6058| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
6059| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
6060| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
6061| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
6062| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
6063| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
6064| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
6065| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
6066| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
6067| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
6068| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
6069| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
6070| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
6071| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
6072| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
6073| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
6074| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
6075| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
6076| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
6077| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
6078| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
6079| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
6080| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
6081| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
6082| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
6083| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
6084| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
6085| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
6086| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
6087| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
6088| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
6089| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
6090| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
6091| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
6092| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
6093| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
6094| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
6095| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
6096| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
6097| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
6098| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
6099| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
6100| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
6101| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
6102| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
6103| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
6104| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
6105| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
6106| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
6107| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
6108| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
6109| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
6110| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
6111| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
6112| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
6113| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
6114| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
6115| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
6116| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
6117| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
6118| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
6119| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
6120| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
6121| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
6122| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
6123| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
6124| [68229] Apache Harmony PRNG Entropy Weakness
6125| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
6126| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
6127| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
6128| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
6129| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
6130| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
6131| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
6132| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
6133| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
6134| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
6135| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
6136| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
6137| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
6138| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
6139| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
6140| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
6141| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
6142| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
6143| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
6144| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
6145| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
6146| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
6147| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
6148| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
6149| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
6150| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
6151| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
6152| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
6153| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
6154| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
6155| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
6156| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
6157| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
6158| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
6159| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
6160| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
6161| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
6162| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
6163| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
6164| [64780] Apache CloudStack Unauthorized Access Vulnerability
6165| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
6166| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
6167| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
6168| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
6169| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
6170| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
6171| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
6172| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
6173| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
6174| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
6175| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
6176| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
6177| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
6178| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
6179| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
6180| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
6181| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
6182| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
6183| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
6184| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
6185| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
6186| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
6187| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
6188| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
6189| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
6190| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
6191| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
6192| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
6193| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
6194| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
6195| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
6196| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
6197| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
6198| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
6199| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
6200| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
6201| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
6202| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
6203| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
6204| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
6205| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
6206| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
6207| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
6208| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
6209| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
6210| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
6211| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
6212| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
6213| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
6214| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
6215| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
6216| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
6217| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
6218| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
6219| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
6220| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
6221| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
6222| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
6223| [59670] Apache VCL Multiple Input Validation Vulnerabilities
6224| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
6225| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
6226| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
6227| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
6228| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
6229| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
6230| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
6231| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
6232| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
6233| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
6234| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
6235| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
6236| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
6237| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
6238| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
6239| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
6240| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
6241| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
6242| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
6243| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
6244| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
6245| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
6246| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
6247| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
6248| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
6249| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
6250| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
6251| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
6252| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
6253| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
6254| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
6255| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
6256| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
6257| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
6258| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
6259| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
6260| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
6261| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
6262| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
6263| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
6264| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
6265| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
6266| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
6267| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
6268| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
6269| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
6270| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
6271| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
6272| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
6273| [54798] Apache Libcloud Man In The Middle Vulnerability
6274| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
6275| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
6276| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
6277| [54189] Apache Roller Cross Site Request Forgery Vulnerability
6278| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
6279| [53880] Apache CXF Child Policies Security Bypass Vulnerability
6280| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
6281| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
6282| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
6283| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
6284| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
6285| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
6286| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
6287| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
6288| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
6289| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
6290| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
6291| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
6292| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
6293| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
6294| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
6295| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
6296| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
6297| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
6298| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
6299| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
6300| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
6301| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
6302| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
6303| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
6304| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
6305| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
6306| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
6307| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
6308| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
6309| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
6310| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
6311| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
6312| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
6313| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
6314| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
6315| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
6316| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
6317| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
6318| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
6319| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
6320| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
6321| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
6322| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
6323| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
6324| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
6325| [49290] Apache Wicket Cross Site Scripting Vulnerability
6326| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
6327| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
6328| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
6329| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
6330| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
6331| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
6332| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
6333| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
6334| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
6335| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
6336| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
6337| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
6338| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
6339| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
6340| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
6341| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
6342| [46953] Apache MPM-ITK Module Security Weakness
6343| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
6344| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
6345| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
6346| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
6347| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
6348| [46166] Apache Tomcat JVM Denial of Service Vulnerability
6349| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
6350| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
6351| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
6352| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
6353| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
6354| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
6355| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
6356| [44616] Apache Shiro Directory Traversal Vulnerability
6357| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
6358| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
6359| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
6360| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
6361| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
6362| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
6363| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
6364| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
6365| [42492] Apache CXF XML DTD Processing Security Vulnerability
6366| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
6367| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
6368| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
6369| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
6370| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
6371| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
6372| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
6373| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
6374| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
6375| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
6376| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
6377| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
6378| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
6379| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
6380| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
6381| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
6382| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
6383| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
6384| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
6385| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
6386| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
6387| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
6388| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
6389| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
6390| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
6391| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
6392| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
6393| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
6394| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
6395| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
6396| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
6397| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
6398| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
6399| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
6400| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
6401| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6402| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
6403| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
6404| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
6405| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
6406| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
6407| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
6408| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
6409| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
6410| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
6411| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
6412| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
6413| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
6414| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
6415| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6416| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
6417| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
6418| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
6419| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
6420| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
6421| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
6422| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
6423| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
6424| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
6425| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
6426| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6427| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
6428| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
6429| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
6430| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
6431| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
6432| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
6433| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
6434| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
6435| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
6436| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6437| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
6438| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6439| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
6440| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
6441| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
6442| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
6443| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
6444| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6445| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
6446| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
6447| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
6448| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
6449| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
6450| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
6451| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
6452| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
6453| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
6454| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
6455| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
6456| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
6457| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
6458| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
6459| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
6460| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
6461| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
6462| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
6463| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
6464| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
6465| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
6466| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
6467| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
6468| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6469| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
6470| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
6471| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
6472| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
6473| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
6474| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
6475| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
6476| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
6477| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
6478| [20527] Apache Mod_TCL Remote Format String Vulnerability
6479| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
6480| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
6481| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
6482| [19106] Apache Tomcat Information Disclosure Vulnerability
6483| [18138] Apache James SMTP Denial Of Service Vulnerability
6484| [17342] Apache Struts Multiple Remote Vulnerabilities
6485| [17095] Apache Log4Net Denial Of Service Vulnerability
6486| [16916] Apache mod_python FileSession Code Execution Vulnerability
6487| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
6488| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
6489| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
6490| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
6491| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
6492| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
6493| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
6494| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
6495| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
6496| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
6497| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
6498| [15177] PHP Apache 2 Local Denial of Service Vulnerability
6499| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
6500| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
6501| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
6502| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
6503| [14106] Apache HTTP Request Smuggling Vulnerability
6504| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
6505| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
6506| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
6507| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
6508| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
6509| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
6510| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
6511| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
6512| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
6513| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
6514| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
6515| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
6516| [11471] Apache mod_include Local Buffer Overflow Vulnerability
6517| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
6518| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
6519| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
6520| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
6521| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6522| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
6523| [11094] Apache mod_ssl Denial Of Service Vulnerability
6524| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
6525| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
6526| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
6527| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
6528| [10478] ClueCentral Apache Suexec Patch Security Weakness
6529| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
6530| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
6531| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
6532| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
6533| [9921] Apache Connection Blocking Denial Of Service Vulnerability
6534| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
6535| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
6536| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
6537| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
6538| [9733] Apache Cygwin Directory Traversal Vulnerability
6539| [9599] Apache mod_php Global Variables Information Disclosure Weakness
6540| [9590] Apache-SSL Client Certificate Forging Vulnerability
6541| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
6542| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
6543| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
6544| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
6545| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
6546| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
6547| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
6548| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
6549| [8898] Red Hat Apache Directory Index Default Configuration Error
6550| [8883] Apache Cocoon Directory Traversal Vulnerability
6551| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
6552| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
6553| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
6554| [8707] Apache htpasswd Password Entropy Weakness
6555| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
6556| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
6557| [8226] Apache HTTP Server Multiple Vulnerabilities
6558| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
6559| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
6560| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
6561| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
6562| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
6563| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
6564| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
6565| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
6566| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
6567| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
6568| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
6569| [7255] Apache Web Server File Descriptor Leakage Vulnerability
6570| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6571| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
6572| [6939] Apache Web Server ETag Header Information Disclosure Weakness
6573| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
6574| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
6575| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
6576| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
6577| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
6578| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
6579| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
6580| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
6581| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
6582| [6117] Apache mod_php File Descriptor Leakage Vulnerability
6583| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
6584| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
6585| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
6586| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
6587| [5992] Apache HTDigest Insecure Temporary File Vulnerability
6588| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
6589| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
6590| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
6591| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
6592| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
6593| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6594| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
6595| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
6596| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
6597| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
6598| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6599| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
6600| [5485] Apache 2.0 Path Disclosure Vulnerability
6601| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6602| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
6603| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
6604| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
6605| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
6606| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
6607| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
6608| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
6609| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
6610| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
6611| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
6612| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
6613| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
6614| [4437] Apache Error Message Cross-Site Scripting Vulnerability
6615| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
6616| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
6617| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
6618| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
6619| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
6620| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
6621| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
6622| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
6623| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
6624| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
6625| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
6626| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
6627| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
6628| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
6629| [3596] Apache Split-Logfile File Append Vulnerability
6630| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
6631| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
6632| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
6633| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
6634| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
6635| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
6636| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
6637| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
6638| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
6639| [3169] Apache Server Address Disclosure Vulnerability
6640| [3009] Apache Possible Directory Index Disclosure Vulnerability
6641| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
6642| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
6643| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
6644| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
6645| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
6646| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
6647| [2216] Apache Web Server DoS Vulnerability
6648| [2182] Apache /tmp File Race Vulnerability
6649| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
6650| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
6651| [1821] Apache mod_cookies Buffer Overflow Vulnerability
6652| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
6653| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
6654| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
6655| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
6656| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
6657| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
6658| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
6659| [1457] Apache::ASP source.asp Example Script Vulnerability
6660| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
6661| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
6662|
6663| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6664| [86258] Apache CloudStack text fields cross-site scripting
6665| [85983] Apache Subversion mod_dav_svn module denial of service
6666| [85875] Apache OFBiz UEL code execution
6667| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
6668| [85871] Apache HTTP Server mod_session_dbd unspecified
6669| [85756] Apache Struts OGNL expression command execution
6670| [85755] Apache Struts DefaultActionMapper class open redirect
6671| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
6672| [85574] Apache HTTP Server mod_dav denial of service
6673| [85573] Apache Struts Showcase App OGNL code execution
6674| [85496] Apache CXF denial of service
6675| [85423] Apache Geronimo RMI classloader code execution
6676| [85326] Apache Santuario XML Security for C++ buffer overflow
6677| [85323] Apache Santuario XML Security for Java spoofing
6678| [85319] Apache Qpid Python client SSL spoofing
6679| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
6680| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
6681| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
6682| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
6683| [84952] Apache Tomcat CVE-2012-3544 denial of service
6684| [84763] Apache Struts CVE-2013-2135 security bypass
6685| [84762] Apache Struts CVE-2013-2134 security bypass
6686| [84719] Apache Subversion CVE-2013-2088 command execution
6687| [84718] Apache Subversion CVE-2013-2112 denial of service
6688| [84717] Apache Subversion CVE-2013-1968 denial of service
6689| [84577] Apache Tomcat security bypass
6690| [84576] Apache Tomcat symlink
6691| [84543] Apache Struts CVE-2013-2115 security bypass
6692| [84542] Apache Struts CVE-2013-1966 security bypass
6693| [84154] Apache Tomcat session hijacking
6694| [84144] Apache Tomcat denial of service
6695| [84143] Apache Tomcat information disclosure
6696| [84111] Apache HTTP Server command execution
6697| [84043] Apache Virtual Computing Lab cross-site scripting
6698| [84042] Apache Virtual Computing Lab cross-site scripting
6699| [83782] Apache CloudStack information disclosure
6700| [83781] Apache CloudStack security bypass
6701| [83720] Apache ActiveMQ cross-site scripting
6702| [83719] Apache ActiveMQ denial of service
6703| [83718] Apache ActiveMQ denial of service
6704| [83263] Apache Subversion denial of service
6705| [83262] Apache Subversion denial of service
6706| [83261] Apache Subversion denial of service
6707| [83259] Apache Subversion denial of service
6708| [83035] Apache mod_ruid2 security bypass
6709| [82852] Apache Qpid federation_tag security bypass
6710| [82851] Apache Qpid qpid::framing::Buffer denial of service
6711| [82758] Apache Rave User RPC API information disclosure
6712| [82663] Apache Subversion svn_fs_file_length() denial of service
6713| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
6714| [82641] Apache Qpid AMQP denial of service
6715| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
6716| [82618] Apache Commons FileUpload symlink
6717| [82360] Apache HTTP Server manager interface cross-site scripting
6718| [82359] Apache HTTP Server hostnames cross-site scripting
6719| [82338] Apache Tomcat log/logdir information disclosure
6720| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
6721| [82268] Apache OpenJPA deserialization command execution
6722| [81981] Apache CXF UsernameTokens security bypass
6723| [81980] Apache CXF WS-Security security bypass
6724| [81398] Apache OFBiz cross-site scripting
6725| [81240] Apache CouchDB directory traversal
6726| [81226] Apache CouchDB JSONP code execution
6727| [81225] Apache CouchDB Futon user interface cross-site scripting
6728| [81211] Apache Axis2/C SSL spoofing
6729| [81167] Apache CloudStack DeployVM information disclosure
6730| [81166] Apache CloudStack AddHost API information disclosure
6731| [81165] Apache CloudStack createSSHKeyPair API information disclosure
6732| [80518] Apache Tomcat cross-site request forgery security bypass
6733| [80517] Apache Tomcat FormAuthenticator security bypass
6734| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
7235| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
7236| [6970] Apache crafted HTTP request could reveal the internal IP address
7237| [6921] Apache long slash path allows directory listing
7238| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
7239| [6527] Apache Web Server for Windows and OS2 denial of service
7240| [6316] Apache Jakarta Tomcat may reveal JSP source code
7241| [6305] Apache Jakarta Tomcat directory traversal
7242| [5926] Linux Apache symbolic link
7243| [5659] Apache Web server discloses files when used with php script
7244| [5310] Apache mod_rewrite allows attacker to view arbitrary files
7245| [5204] Apache WebDAV directory listings
7246| [5197] Apache Web server reveals CGI script source code
7247| [5160] Apache Jakarta Tomcat default installation
7248| [5099] Trustix Secure Linux installs Apache with world writable access
7249| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
7250| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
7251| [4931] Apache source.asp example file allows users to write to files
7252| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
7253| [4205] Apache Jakarta Tomcat delivers file contents
7254| [2084] Apache on Debian by default serves the /usr/doc directory
7255| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
7256| [697] Apache HTTP server beck exploit
7257| [331] Apache cookies buffer overflow
7258|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
8080| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
8081| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
8082| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
8083| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
8084| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
8085| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
8386| [58930] Apache Xalan-C++ XPath Handling Remote DoS
8387| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
8388| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
8389| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
8390| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
8391| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
8839| [5526] Apache Tomcat Long .JSP URI Path Disclosure
8840| [5278] Apache Tomcat web.xml Restriction Bypass
8841| [5051] Apache Tomcat Null Character DoS
8842| [4973] Apache Tomcat servlet Mapping XSS
8843| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
8844| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
8845| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
8846| [4568] mod_survey For Apache ENV Tags SQL Injection
8847| [4553] Apache HTTP Server ApacheBench Overflow DoS
8848| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
8849| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
8850| [4383] Apache HTTP Server Socket Race Condition DoS
8851| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
8852| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
8853| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
8854| [4231] Apache Cocoon Error Page Server Path Disclosure
8855| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
8856| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
8857| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
8858| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
8859| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
8860| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
8861| [3322] mod_php for Apache HTTP Server Process Hijack
8862| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
8863| [2885] Apache mod_python Malformed Query String DoS
8864| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
8865| [2733] Apache HTTP Server mod_rewrite Local Overflow
8866| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
8867| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
8868| [2149] Apache::Gallery Privilege Escalation
8869| [2107] Apache HTTP Server mod_ssl Host: Header XSS
8870| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
8871| [1833] Apache HTTP Server Multiple Slash GET Request DoS
8872| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
8873| [872] Apache Tomcat Multiple Default Accounts
8874| [862] Apache HTTP Server SSI Error Page XSS
8875| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
8876| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
8877| [845] Apache Tomcat MSDOS Device XSS
8878| [844] Apache Tomcat Java Servlet Error Page XSS
8879| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
8880| [838] Apache HTTP Server Chunked Encoding Remote Overflow
8881| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
8882| [775] Apache mod_python Module Importing Privilege Function Execution
8883| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
8884| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
8885| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
8886| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
8887| [637] Apache HTTP Server UserDir Directive Username Enumeration
8888| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
8889| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
8890| [562] Apache HTTP Server mod_info /server-info Information Disclosure
8891| [561] Apache Web Servers mod_status /server-status Information Disclosure
8892| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
8893| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
8894| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
8895| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
8896| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
8897| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
8898| [376] Apache Tomcat contextAdmin Arbitrary File Access
8899| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
8900| [222] Apache HTTP Server test-cgi Arbitrary File Access
8901| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
8902| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
8903|_
8904Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
8905Device type: firewall|general purpose|WAP|webcam
8906Running (JUST GUESSING): Linux 2.6.X|2.4.X (89%), Fortinet embedded (89%), Tandberg embedded (85%)
8907OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:fortinet:fortianalyzer-400b cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.4 cpe:/h:tandberg:vcs
8908Aggressive OS guesses: Fortinet FortiAnalyzer-400B firewall (Linux 2.6) (89%), Linux 2.6.32 (87%), Linux 2.6.32 - 2.6.35 (86%), Linux 2.6.35 (86%), DD-WRT v24-sp1 (Linux 2.4) (85%), Tandberg VCS video conferencing system (85%)
8909No exact OS matches for host (test conditions non-ideal).
8910Network Distance: 22 hops
8911
8912TRACEROUTE (using port 80/tcp)
8913HOP RTT ADDRESS
89141 173.09 ms 10.247.200.1
89152 174.31 ms 213.184.122.97
89163 175.29 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
89174 173.53 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
89185 173.75 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
89196 173.73 ms bzq-219-189-2.dsl.bezeqint.net (62.219.189.2)
89207 234.61 ms bzq-179-72-242.cust.bezeqint.net (212.179.72.242)
89218 257.34 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
89229 361.36 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
892310 472.82 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
892411 ...
892512 468.31 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
892613 444.90 ms 61.206.169.254
892714 450.26 ms 202.93.95.153
892815 442.89 ms 202.93.95.153
892916 446.65 ms 203.141.47.66
893017 461.59 ms 158.205.134.6
893118 470.17 ms 158.205.188.130
893219 454.38 ms 158.205.110.238
893320 449.73 ms 158.205.188.138
893421 442.16 ms 158.205.188.138
893522 462.09 ms 210.168.52.41
8936############################################################################################################################################
8937HTTP/1.1 200 OK
8938Date: Thu, 01 Aug 2019 23:51:59 GMT
8939Server: Apache
8940Last-Modified: Thu, 27 Jun 2019 07:43:03 GMT
8941ETag: "80003-9bd6-58c494fd32938"
8942Accept-Ranges: bytes
8943Content-Length: 39894
8944Content-Type: text/html
8945
8946HTTP/1.1 200 OK
8947Date: Thu, 01 Aug 2019 23:52:00 GMT
8948Server: Apache
8949Last-Modified: Thu, 27 Jun 2019 07:43:03 GMT
8950ETag: "80003-9bd6-58c494fd32938"
8951Accept-Ranges: bytes
8952Content-Length: 39894
8953Content-Type: text/html
8954########################################################################################################################################
8955Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 19:52 EDT
8956Nmap scan report for 210.168.52.41
8957Host is up.
8958
8959PORT STATE SERVICE VERSION
8960123/udp open|filtered ntp
8961Too many fingerprints match this host to give specific OS details
8962
8963TRACEROUTE (using proto 1/icmp)
8964HOP RTT ADDRESS
89651 172.06 ms 10.247.200.1
89662 173.02 ms 213.184.122.97
89673 172.12 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
89684 173.34 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
89695 236.00 ms bzq-219-189-154.dsl.bezeqint.net (62.219.189.154)
89706 225.66 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
89717 292.40 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
89728 354.03 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
89739 465.24 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
897410 ...
897511 451.30 ms 61.206.169.254
897612 450.98 ms 202.93.95.182
897713 450.89 ms 202.93.95.153
897814 454.30 ms 203.141.47.66
897915 448.01 ms 158.205.134.6
898016 452.46 ms 158.205.192.237
898117 456.15 ms 158.205.188.130
898218 448.66 ms 158.205.188.138
898319 452.85 ms 158.205.110.238
898420 ... 30
8985#########################################################################################################################################
8986Nmap scan report for 210.168.52.41
8987Host is up (0.41s latency).
8988
8989PORT STATE SERVICE VERSION
8990443/tcp open ssl/https?
8991|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
8992Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
8993Device type: general purpose|firewall|WAP|webcam
8994Running (JUST GUESSING): Linux 2.6.X|2.4.X (89%), Fortinet embedded (87%), Tandberg embedded (85%)
8995OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.6 cpe:/h:fortinet:fortianalyzer-400b cpe:/o:linux:linux_kernel:2.4 cpe:/h:tandberg:vcs
8996Aggressive OS guesses: Linux 2.6.32 (89%), Linux 2.6.32 - 2.6.35 (89%), Fortinet FortiAnalyzer-400B firewall (Linux 2.6) (87%), Linux 2.6.35 (86%), DD-WRT v24-sp1 (Linux 2.4) (85%), Tandberg VCS video conferencing system (85%)
8997No exact OS matches for host (test conditions non-ideal).
8998Network Distance: 20 hops
8999
9000TRACEROUTE (using port 443/tcp)
9001HOP RTT ADDRESS
90021 172.73 ms 10.247.200.1
90032 173.71 ms 213.184.122.97
90043 173.09 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
90054 175.59 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
90065 173.17 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
90076 238.37 ms bzq-179-72-242.cust.bezeqint.net (212.179.72.242)
90087 250.99 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
90098 292.84 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
90109 291.74 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
901110 353.92 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
901211 466.39 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
901312 471.17 ms 61.206.169.254
901413 445.49 ms 202.93.95.182
901514 455.55 ms 202.93.95.182
901615 459.72 ms 203.141.47.66
901716 458.51 ms 203.141.47.66
901817 445.93 ms 203.141.47.66
901918 470.40 ms 158.205.188.130
902019 464.10 ms 158.205.188.138
902120 443.45 ms 210.168.52.41
9022#######################################################################################################################################
9023Version: 1.11.13-static
9024OpenSSL 1.0.2-chacha (1.0.2g-dev)
9025
9026Connected to 210.168.52.41
9027
9028Testing SSL server 210.168.52.41 on port 443 using SNI name 210.168.52.41
9029
9030 TLS Fallback SCSV:
9031Server only supports TLSv1.0
9032
9033 TLS renegotiation:
9034Secure session renegotiation supported
9035
9036 TLS Compression:
9037Compression enabled (CRIME)
9038
9039 Heartbleed:
9040TLS 1.2 not vulnerable to heartbleed
9041TLS 1.1 not vulnerable to heartbleed
9042TLS 1.0 not vulnerable to heartbleed
9043
9044 Supported Server Cipher(s):
9045Preferred TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
9046Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
9047Accepted TLSv1.0 256 bits AES256-SHA
9048Accepted TLSv1.0 256 bits CAMELLIA256-SHA
9049Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
9050Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
9051Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
9052Accepted TLSv1.0 128 bits AES128-SHA
9053Accepted TLSv1.0 128 bits SEED-SHA
9054Accepted TLSv1.0 128 bits CAMELLIA128-SHA
9055Accepted TLSv1.0 128 bits RC4-SHA
9056Accepted TLSv1.0 128 bits RC4-MD5
9057Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
9058Accepted TLSv1.0 112 bits DES-CBC3-SHA
9059Accepted TLSv1.0 56 bits EDH-RSA-DES-CBC-SHA DHE 1024 bits
9060Accepted TLSv1.0 56 bits DES-CBC-SHA
9061Preferred SSLv3 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
9062Accepted SSLv3 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
9063Accepted SSLv3 256 bits AES256-SHA
9064Accepted SSLv3 256 bits CAMELLIA256-SHA
9065Accepted SSLv3 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
9066Accepted SSLv3 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
9067Accepted SSLv3 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
9068Accepted SSLv3 128 bits AES128-SHA
9069Accepted SSLv3 128 bits SEED-SHA
9070Accepted SSLv3 128 bits CAMELLIA128-SHA
9071Accepted SSLv3 128 bits RC4-SHA
9072Accepted SSLv3 128 bits RC4-MD5
9073Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
9074Accepted SSLv3 112 bits DES-CBC3-SHA
9075Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA DHE 1024 bits
9076Accepted SSLv3 56 bits DES-CBC-SHA
9077
9078 SSL Certificate:
9079Signature Algorithm: sha256WithRSAEncryption
9080RSA Key Strength: 2048
9081
9082Subject: www.logitem.co.jp
9083Altnames: DNS:www.logitem.co.jp, DNS:logitem.co.jp
9084Issuer: AlphaSSL CA - SHA256 - G2
9085
9086Not valid before: Feb 14 05:22:50 2019 GMT
9087Not valid after: Apr 5 01:47:59 2020 GMT
9088######################################################################################################################################
+-----------------+-----------------------------------+------------------------------------------------+----------+----------+
| App Name        | URL to Application                | Potential Exploit                              | Username | Password |
+-----------------+-----------------------------------+------------------------------------------------+----------+----------+
| Linksys WRT54GL | http://210.168.52.41:80/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb |          |          |
+-----------------+-----------------------------------+------------------------------------------------+----------+----------+
9094#######################################################################################################################################
9095Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 19:58 EDT
9096NSE: Loaded 45 scripts for scanning.
9097NSE: Script Pre-scanning.
9098NSE: Starting runlevel 1 (of 2) scan.
9099Initiating NSE at 19:58
9100Completed NSE at 19:58, 0.00s elapsed
9101NSE: Starting runlevel 2 (of 2) scan.
9102Initiating NSE at 19:58
9103Completed NSE at 19:58, 0.00s elapsed
9104Initiating Ping Scan at 19:58
9105Scanning 210.168.52.41 [4 ports]
9106Completed Ping Scan at 19:58, 0.52s elapsed (1 total hosts)
9107Initiating Parallel DNS resolution of 1 host. at 19:58
9108Completed Parallel DNS resolution of 1 host. at 19:58, 0.02s elapsed
9109Initiating Connect Scan at 19:58
9110Scanning 210.168.52.41 [65535 ports]
9111Discovered open port 443/tcp on 210.168.52.41
9112Discovered open port 80/tcp on 210.168.52.41
9113Connect Scan Timing: About 3.21% done; ETC: 20:15 (0:15:36 remaining)
9114Connect Scan Timing: About 18.17% done; ETC: 20:04 (0:04:35 remaining)
9115Connect Scan Timing: About 41.92% done; ETC: 20:02 (0:02:06 remaining)
9116Connect Scan Timing: About 69.69% done; ETC: 20:01 (0:00:53 remaining)
9117Completed Connect Scan at 20:01, 149.91s elapsed (65535 total ports)
9118Initiating Service scan at 20:01
9119Scanning 2 services on 210.168.52.41
9120Completed Service scan at 20:01, 14.93s elapsed (2 services on 1 host)
9121Initiating OS detection (try #1) against 210.168.52.41
9122Retrying OS detection (try #2) against 210.168.52.41
9123Initiating Traceroute at 20:01
9124Completed Traceroute at 20:01, 6.65s elapsed
9125Initiating Parallel DNS resolution of 18 hosts. at 20:01
9126Completed Parallel DNS resolution of 18 hosts. at 20:01, 1.02s elapsed
9127NSE: Script scanning 210.168.52.41.
9128NSE: Starting runlevel 1 (of 2) scan.
9129Initiating NSE at 20:01
9130Completed NSE at 20:02, 8.24s elapsed
9131NSE: Starting runlevel 2 (of 2) scan.
9132Initiating NSE at 20:02
9133Completed NSE at 20:02, 0.92s elapsed
9134Nmap scan report for 210.168.52.41
9135Host is up, received syn-ack ttl 41 (0.16s latency).
9136Scanned at 2019-08-01 19:58:55 EDT for 191s
9137Not shown: 65530 filtered ports
9138Reason: 65530 no-responses
9139PORT STATE SERVICE REASON VERSION
914025/tcp closed smtp conn-refused
914180/tcp open http syn-ack Apache httpd
9142|_http-server-header: Apache
9143| vulscan: VulDB - https://vuldb.com:
9318| [122800] Apache Spark 1.3.0 REST API weak authentication
9319| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
9320| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
9321| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
9322| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
9323| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
9324| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
9325| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
9326| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
9327| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
9328| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
9329| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
9330| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
9331| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
9332| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
9333| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
9334| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
9335| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
9336| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
9337| [121354] Apache CouchDB HTTP API Code Execution
9338| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
9339| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
9340| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
9341| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
9342| [120168] Apache CXF weak authentication
9343| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
9344| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
9345| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
9346| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
9347| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
9348| [119306] Apache MXNet Network Interface privilege escalation
9349| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
9350| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
9351| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
9352| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
9353| [118143] Apache NiFi activemq-client Library Deserialization denial of service
9354| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
9355| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
9356| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
9357| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
9358| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
9359| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
9360| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
9361| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
9362| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
9363| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
9364| [117115] Apache Tika up to 1.17 tika-server command injection
9365| [116929] Apache Fineract getReportType Parameter privilege escalation
9366| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
9367| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
9368| [116926] Apache Fineract REST Hand Parameter privilege escalation
9369| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
9370| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
9371| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
9372| [115883] Apache Hive up to 2.3.2 privilege escalation
9373| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
9374| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
9375| [115518] Apache Ignite 2.3 Deserialization privilege escalation
9376| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
9377| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
9378| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
9379| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
9380| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
9381| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
9382| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
9383| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
9384| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
9385| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
9386| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
9387| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
9388| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
9389| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
9390| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
9391| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
9392| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
9393| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
9394| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
9395| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
9396| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
9397| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
9398| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
9399| [113895] Apache Geode up to 1.3.x Code Execution
9400| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
9401| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
9402| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
9403| [113747] Apache Tomcat Servlets privilege escalation
9404| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
9405| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
9406| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
9407| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
9408| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
9409| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
9410| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
9411| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
9412| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
9413| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
9414| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
9415| [112885] Apache Allura up to 1.8.0 File information disclosure
9416| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
9417| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
9418| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
9419| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
9420| [112625] Apache POI up to 3.16 Loop denial of service
9421| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
9422| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
9423| [112339] Apache NiFi 1.5.0 Header privilege escalation
9424| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
9425| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
9426| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
9427| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
9428| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
9429| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
9430| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
9431| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
9432| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
9433| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
9434| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
9435| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
9436| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
9437| [112114] Oracle 9.1 Apache Log4j privilege escalation
9438| [112113] Oracle 9.1 Apache Log4j privilege escalation
9439| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
9440| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
9441| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
9442| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
9443| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
9444| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
9445| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
9446| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
9447| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
9448| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
9449| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
9450| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
9451| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
9452| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
9453| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
9454| [110701] Apache Fineract Query Parameter sql injection
9455| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
9456| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
9457| [110393] Apple macOS up to 10.13.2 apache information disclosure
9458| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
9459| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
9460| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
9461| [110106] Apache CXF Fediz Spring cross site request forgery
9462| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
9463| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
9464| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
9465| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
9466| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
9467| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
9468| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
9469| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
9470| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
9471| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
9472| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
9473| [108938] Apple macOS up to 10.13.1 apache denial of service
9474| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
9475| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
9476| [108935] Apple macOS up to 10.13.1 apache denial of service
9477| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
9478| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
9479| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
9480| [108931] Apple macOS up to 10.13.1 apache denial of service
9481| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
9482| [108929] Apple macOS up to 10.13.1 apache denial of service
9483| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
9484| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
9485| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
9486| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
9487| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
9488| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
9489| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
9490| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
9491| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
9492| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
9493| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
9494| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
9495| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
9496| [108782] Apache Xerces2 XML Service denial of service
9497| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
9498| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
9499| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
9500| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
9501| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
9502| [108629] Apache OFBiz up to 10.04.01 privilege escalation
9503| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
9504| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
9505| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
9506| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
9507| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
9508| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
9509| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
9510| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
9511| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
9512| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
9513| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
9514| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
9515| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
9516| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
9517| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
9518| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
9519| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
9520| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9521| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
9522| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
9523| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
9524| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
9525| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
9526| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
9527| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
9528| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
9529| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
9530| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
9531| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
9532| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
9533| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
9534| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
9535| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
9536| [107639] Apache NiFi 1.4.0 XML External Entity
9537| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
9538| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
9539| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
9540| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
9541| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
9542| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
9543| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
9544| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
9545| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
9546| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
9547| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
9548| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
9549| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
9550| [107197] Apache Xerces Jelly Parser XML File XML External Entity
9551| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
9552| [107084] Apache Struts up to 2.3.19 cross site scripting
9553| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
9554| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
9555| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
9556| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
9557| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
9558| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
9559| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
9560| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
9561| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
9562| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
9563| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
9564| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
9565| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
9566| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
9567| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
9568| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
9569| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
9570| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
9571| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
9572| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
9573| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
9574| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
9575| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
9576| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
9577| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
9578| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
9579| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
9580| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
9581| [105878] Apache Struts up to 2.3.24.0 privilege escalation
9582| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
9583| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
9584| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
9585| [105643] Apache Pony Mail up to 0.8b weak authentication
9586| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
9587| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
9588| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
9589| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
9590| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
9591| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
9592| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
9593| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
9594| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
9595| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
9596| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
9597| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
9598| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
9599| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
9600| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
9601| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
9602| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
9603| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
9604| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
9605| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
9606| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
9607| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
9608| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
9609| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
9610| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
9611| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
9612| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
9613| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
9614| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
9615| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
9616| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
9617| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
9618| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
9619| [103690] Apache OpenMeetings 1.0.0 sql injection
9620| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
9621| [103688] Apache OpenMeetings 1.0.0 weak encryption
9622| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
9623| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
9624| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
9625| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
9626| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
9627| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
9628| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
9629| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
9630| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
9631| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
9632| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
9633| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
9634| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
9635| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
9636| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
9637| [103352] Apache Solr Node weak authentication
9638| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
9639| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
9640| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
9641| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
9642| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
9643| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
9644| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
9645| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
9646| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
9647| [102536] Apache Ranger up to 0.6 Stored cross site scripting
9648| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
9649| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
9650| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
9651| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
9652| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
9653| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
9654| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
9655| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
9656| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
9657| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
9658| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
9659| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
9660| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
9661| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
9662| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
9663| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
9664| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
9665| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
9666| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
9667| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
9668| [99937] Apache Batik up to 1.8 privilege escalation
9669| [99936] Apache FOP up to 2.1 privilege escalation
9670| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
9671| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
9672| [99930] Apache Traffic Server up to 6.2.0 denial of service
9673| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
9674| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
9675| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
9676| [117569] Apache Hadoop up to 2.7.3 privilege escalation
9677| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
9678| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
9679| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
9680| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
9681| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
9682| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
9683| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
9684| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
9685| [99014] Apache Camel Jackson/JacksonXML privilege escalation
9686| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
9687| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
9688| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
9689| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
9690| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
9691| [98605] Apple macOS up to 10.12.3 Apache denial of service
9692| [98604] Apple macOS up to 10.12.3 Apache denial of service
9693| [98603] Apple macOS up to 10.12.3 Apache denial of service
9694| [98602] Apple macOS up to 10.12.3 Apache denial of service
9695| [98601] Apple macOS up to 10.12.3 Apache denial of service
9696| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
9697| [98405] Apache Hadoop up to 0.23.10 privilege escalation
9698| [98199] Apache Camel Validation XML External Entity
9699| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
9700| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
9701| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
9702| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
9703| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
9704| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
9705| [97081] Apache Tomcat HTTPS Request denial of service
9706| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
9707| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
9708| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
9709| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
9710| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
9711| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
9712| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
9713| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
9714| [95311] Apache storm UI Daemon privilege escalation
9715| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
9716| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
9717| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
9718| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
9719| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
9720| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
9721| [94540] Apache Tika 1.9 tika-server File information disclosure
9722| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
9723| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
9724| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
9725| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
9726| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
9727| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
9728| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
9729| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
9730| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
9731| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
9732| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
9733| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
9734| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
9735| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
9736| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
9737| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
9738| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
9739| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
9740| [93532] Apache Commons Collections Library Java privilege escalation
9741| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
9742| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
9743| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
9744| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
9745| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
9746| [93098] Apache Commons FileUpload privilege escalation
9747| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
9748| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
9749| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
9750| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
9751| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
9752| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
9753| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
9754| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
9755| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
9756| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
9757| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
9758| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
9759| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
9760| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
9761| [92549] Apache Tomcat on Red Hat privilege escalation
9762| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
9763| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
9764| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
9765| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
9766| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
9767| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
9768| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
9769| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
9770| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
9771| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
9772| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
9773| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
9774| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
9775| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
9776| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
9777| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
9778| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
9779| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
9780| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
9781| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
9782| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
9783| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
9784| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
9785| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
9786| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
9787| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
9788| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
9789| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
9790| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
9791| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
9792| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
9793| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
9794| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
9795| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
9796| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
9797| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
9798| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
9799| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
9800| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
9801| [90263] Apache Archiva Header denial of service
9802| [90262] Apache Archiva Deserialize privilege escalation
9803| [90261] Apache Archiva XML DTD Connection privilege escalation
9804| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
9805| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
9806| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
9807| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
9808| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
9809| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
9810| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
9811| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
9812| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
9813| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
9814| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
9815| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
9816| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
9817| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
9818| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
9819| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
9820| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
9821| [87765] Apache James Server 2.3.2 Command privilege escalation
9822| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
9823| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
9824| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
9825| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
9826| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
9827| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
9828| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
9829| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
9830| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
9831| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9832| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9833| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
9834| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
9835| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
9836| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9837| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
9838| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
9839| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
9840| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
9841| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
9842| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
9843| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
9844| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
9845| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
9846| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
9847| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
9848| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
9849| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
9850| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
9851| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
9852| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
9853| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
9854| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
9855| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
9856| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
9857| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
9858| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
9859| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
9860| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
9861| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
9862| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
9863| [82076] Apache Ranger up to 0.5.1 privilege escalation
9864| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
9865| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
9866| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
9867| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
9868| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
9869| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
9870| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
9871| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
9872| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
9873| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
9874| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
9875| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
9876| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
9877| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
9878| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
9879| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
9880| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
9881| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
9882| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
9883| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
9884| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
9885| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
9886| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
9887| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
9888| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
9889| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
9890| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
9891| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
9892| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
9893| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
9894| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
9895| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
9896| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
9897| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
9898| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
9899| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
9900| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
9901| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
9902| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
9903| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
9904| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
9905| [79791] Cisco Products Apache Commons Collections Library privilege escalation
9906| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
9907| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
9908| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
9909| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
9910| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
9911| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
9912| [78989] Apache Ambari up to 2.1.1 Open Redirect
9913| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
9914| [78987] Apache Ambari up to 2.0.x cross site scripting
9915| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
9916| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
9917| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
9918| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9919| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9920| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9921| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9922| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9923| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
9924| [77406] Apache Flex BlazeDS AMF Message XML External Entity
9925| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
9926| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
9927| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
9928| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
9929| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
9930| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
9931| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
9932| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
9933| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
9934| [76567] Apache Struts 2.3.20 unknown vulnerability
9935| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
9936| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
9937| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
9938| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
9939| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
9940| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
9941| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
9942| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
9943| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
9944| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
9945| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
9946| [74793] Apache Tomcat File Upload denial of service
9947| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
9948| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
9949| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
9950| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
9951| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
9952| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
9953| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
9954| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
9955| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
9956| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
9957| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
9958| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
9959| [74468] Apache Batik up to 1.6 denial of service
9960| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
9961| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
9962| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
9963| [74174] Apache WSS4J up to 2.0.0 privilege escalation
9964| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
9965| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
9966| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
9967| [73731] Apache XML Security unknown vulnerability
9968| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
9969| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
9970| [73593] Apache Traffic Server up to 5.1.0 denial of service
9971| [73511] Apache POI up to 3.10 Deadlock denial of service
9972| [73510] Apache Solr up to 4.3.0 cross site scripting
9973| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
9974| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
9975| [73173] Apache CloudStack Stack-Based unknown vulnerability
9976| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
9977| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
9978| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
9979| [72890] Apache Qpid 0.30 unknown vulnerability
9980| [72887] Apache Hive 0.13.0 File Permission privilege escalation
9981| [72878] Apache Cordova 3.5.0 cross site request forgery
9982| [72877] Apache Cordova 3.5.0 cross site request forgery
9983| [72876] Apache Cordova 3.5.0 cross site request forgery
9984| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
9985| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
9986| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
9987| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
9988| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
9989| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
9990| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
9991| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
9992| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
9993| [71629] Apache Axis2/C spoofing
9994| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
9995| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
9996| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
9997| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
9998| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
9999| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
10000| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
10001| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
10002| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
10003| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
10004| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
10005| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
10006| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
10007| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
10008| [70809] Apache POI up to 3.11 Crash denial of service
10009| [70808] Apache POI up to 3.10 unknown vulnerability
10010| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
10011| [70749] Apache Axis up to 1.4 getCN spoofing
10012| [70701] Apache Traffic Server up to 3.3.5 denial of service
10013| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
| [31663] vbPortal Apache HTTP Server index.php directory traversal
| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
| [30623] Apache James 2.2.0 SMTP Server denial of service
| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
10423| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
10424| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
10425| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
10426| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
10427| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
10428| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
10429| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
10430| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
10431| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10432| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
10433| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
10434| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
10435| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
10436| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
10437| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
10438| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
10439| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
10440| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
10441| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
10442| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10443| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10444| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10445| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10446| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
10447| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
10448| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
10449| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
10450| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
10451| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
10452| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
10453| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
10454| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
10455| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
10456| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
10457| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
10458| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
10459| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
10460| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
10461| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
10462| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
10463| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
10464| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
10465| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10466| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
10467| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
10468| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
10469| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
10470| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
10471| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
10472| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
10473| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
10474| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
10475| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
10476| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
10477| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
10478| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
10479| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
10480| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
10481| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
10482| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
10483| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
10484| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
10485| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
10486| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
10487| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
10488| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
10489| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
10490| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
10491| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
10492| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
10493| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
10494| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
10495| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
10496| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
10497| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
10498| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
10499| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
10500| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
10501| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
10502| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
10503| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
10504| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
10505| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
10506| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
10507| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
10508| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
10509| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
10510| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
10511| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
10512| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
10513| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
10514| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
10515| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
10516| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
10517| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
10518| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
10519| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
10520| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
10521| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
10522| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
10523| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
10524| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
10525| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
10526| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
10527| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
10528| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
10529| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
10530| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
10531| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
10532| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
10533| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
10534| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
10535| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
10536| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
10537| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
10538| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
10539| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
10540| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
10541| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
10542| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
10543| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
10544| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
10545| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
10546| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
10547| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
10548| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
10549| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
10550| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
10551| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
10552| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
10553| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
10554| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
10555| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
10556| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
10557| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
10558| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
10559| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
10560| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
10561| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
10562| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
10563| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
10564| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10565| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
10566| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
10567| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
10568| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
10569| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
10570| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
10571| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
10572| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
10573| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
10574| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
10575| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
10576| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
10577| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
10578| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
10579| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
10580| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10581| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
10582| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
10583| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
10584| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
10585| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
10586| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
10587| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
10588| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
10589| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
10590| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
10591| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
10592| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
10593| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
10594| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
10595| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
10596| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
10597| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
10598| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
10599| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
10600| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
10601| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
10602| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
10603| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
10604| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
10605| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
10710| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
10711| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
10712| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
10713| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
10714| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
10715| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
10716| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
10717| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
10718| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
10719| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
10720| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10721| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
10722| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
10723| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
10724| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
10725| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
10726| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
10727| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
10728| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
10729| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
10730| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
10731| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
10732| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
10733| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
10734| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
10735| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
10736| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
10737| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
10738| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
10739| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
10740| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
10741| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
10742| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
10743| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
10744| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
10745| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
10746| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
10747| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
10748| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10749| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10750| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
10751| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
10752| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
10753| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10754| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
10755| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
10756| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
10757| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
10758| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
10759| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
10760| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
10761| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
10762| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
10763| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
10764| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
10765| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
10766| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
10767| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10768| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10769| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
10770| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
10771| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
10772| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
10773| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
10774| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
10775| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
10776| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10777| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
10778| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10779| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
10780| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
10781| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
10782| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10783| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
10784| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10785| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
10786| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
10787| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10788| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
10789| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
10790| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
10791| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
10792| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
10793| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
10794| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
10795| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
10796| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10797| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
10798| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
10799| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
10800| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
10801| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
10802| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
10803| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
10804| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
10805| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
10806| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
10807| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
10808| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
10809| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
10810| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
10811| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
10812| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
10813| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
10814| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
10815| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
10816| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
10817| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
10818| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10819| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10820| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
10821| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
10822| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
10823| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
10824| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
10825| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
10826| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
10827| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
10828| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
10829| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
10830| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
10831| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
10832| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
10833| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
10834| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
10835| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
10836| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
10837| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
10838| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
10839| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
10840| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
10841| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
10842| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
10843| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10844| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10845| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10846| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
10847| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
10848| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
10849| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
10850| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
10851| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
10852| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
10853| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
10854| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
10855| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
10856| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
10857| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
10858| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
10859| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
10860| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
10861| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10862| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10863| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
10864| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
10865| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
10866| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
10867| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
10868| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
10869| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
10870| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
10871| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
10872| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
10873| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
10874| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
10875| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
10876| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
10877| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
10878| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
10879| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
10880| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
10881| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
10882| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
10883| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
10884| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
10885| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
10886| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
10887| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
10888| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10889| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10890| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
10891| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
10892| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
10893| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
10894| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
10895| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
10896| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
10897| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
11099| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
11100| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
11101| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
11102| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
11103| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
11104| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
11105| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
11106| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
11107| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
11108| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
11109| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
11110| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
11111| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
11112| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
11113| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
11114| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
11115| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
11116| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
11117| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
11118| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
11119| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
11120| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
11121| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
11122| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
11123| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
11124| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
11125| [100447] Apache2Triad Multiple Security Vulnerabilities
11126| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
11127| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
11128| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
11129| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
11130| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
11131| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
11132| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
11133| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
11134| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
11135| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
11136| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
11137| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
11486| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
11487| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
11488| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
11489| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
11490| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
11491| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
11492| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
11493| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
11494| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
11495| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
11496| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
11497| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
11498| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
11499| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
11500| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
11501| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
11502| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
11503| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
11504| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
11505| [64780] Apache CloudStack Unauthorized Access Vulnerability
11506| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
11507| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
11508| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
11509| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
11510| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
11511| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
11512| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
11513| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
11514| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
11515| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
11516| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
11517| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11518| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
11519| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
11520| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
11521| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
11522| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
11523| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
11524| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
11525| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
11526| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
11527| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
11528| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
11529| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
11530| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
11531| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
11532| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
11533| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
11534| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
11535| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
11536| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
11537| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
11538| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
11539| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
11540| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
11541| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
11542| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
11543| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
11544| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
11545| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
11546| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
11547| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
11548| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
11549| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
11550| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
11551| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
11552| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
11553| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
11554| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
11555| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
11556| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
11557| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
11558| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
11559| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
11560| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
11561| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
11562| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
11563| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
11564| [59670] Apache VCL Multiple Input Validation Vulnerabilities
11565| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
11566| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
11567| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
11568| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
11569| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
11570| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
11571| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
11572| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
11573| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
11574| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
11575| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
11576| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
11577| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
11578| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
11579| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
11580| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
11581| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
11582| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
11583| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
11584| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
11585| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
11586| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
11587| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
11588| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
11589| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
11590| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
11591| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
11592| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
11593| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
11594| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
11595| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
11596| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
11597| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
11598| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
11599| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
11600| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
11601| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
11602| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
11603| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
11604| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
11605| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
11606| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
11607| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
11608| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
11609| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
11610| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
11611| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
11612| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
11613| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
11614| [54798] Apache Libcloud Man In The Middle Vulnerability
11615| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
11616| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
11617| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
11618| [54189] Apache Roller Cross Site Request Forgery Vulnerability
11619| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
11620| [53880] Apache CXF Child Policies Security Bypass Vulnerability
11621| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
11622| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
11623| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
11624| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
11625| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
11626| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
11627| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
11628| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11629| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
11630| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
11631| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
11632| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
11633| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
11634| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
11635| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
11636| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
11637| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
11638| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
11639| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
11640| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
11641| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11642| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11643| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
11644| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
11645| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
11646| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
11647| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
11648| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
11649| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
11650| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11651| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
11652| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
11653| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
11654| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
11655| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11656| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11657| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
11658| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
11659| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11660| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
11661| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
11662| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
11663| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
11664| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
11665| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
11666| [49290] Apache Wicket Cross Site Scripting Vulnerability
11667| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
11668| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
11669| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
11670| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
11671| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
11672| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
11673| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
11674| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11675| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
11676| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
11677| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
11678| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
11679| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
11680| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
11681| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
11682| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
11683| [46953] Apache MPM-ITK Module Security Weakness
11684| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
11685| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
11686| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
11687| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
11688| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
11689| [46166] Apache Tomcat JVM Denial of Service Vulnerability
11690| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
11691| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11692| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
11693| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
11694| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
11695| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
11696| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
11697| [44616] Apache Shiro Directory Traversal Vulnerability
11698| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
11699| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
11700| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
11701| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
11702| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
11703| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11704| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
11705| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
11706| [42492] Apache CXF XML DTD Processing Security Vulnerability
11707| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
11708| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11709| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11710| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
11711| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
11712| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11713| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
11714| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
11715| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
11716| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11717| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11718| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
11719| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
11720| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11721| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
11722| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
11723| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
11724| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
11725| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
11726| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
11727| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
11728| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
11729| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
11730| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
11731| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
11732| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
11733| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
11734| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
11735| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
11736| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
11737| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11738| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
11739| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
11740| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
11741| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
11742| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11743| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
11744| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
11745| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
11746| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
11747| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
11748| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11749| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11750| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
11751| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
11752| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
11753| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
11754| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
11755| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
11756| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11757| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
11758| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
11759| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11760| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
11761| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
11762| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
11763| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
11764| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
11765| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
11766| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
11767| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11768| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
11769| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
11770| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
11771| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
11772| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
11773| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
11774| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
11775| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
11776| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
11777| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11778| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
11779| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11780| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
11781| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
11782| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
11783| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
11784| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
11785| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11786| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
11787| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
11788| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
11789| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
11790| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
11791| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
11792| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
11793| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
11794| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
11795| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
11796| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
11797| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
11798| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
11799| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
11800| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
11801| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
11802| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
11803| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
11804| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
11805| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
11806| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
11807| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
11808| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
11809| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11810| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
11811| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
11812| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
11813| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
11814| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
11815| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
11816| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
11817| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
11818| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
11819| [20527] Apache Mod_TCL Remote Format String Vulnerability
11820| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
11821| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
11822| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
11823| [19106] Apache Tomcat Information Disclosure Vulnerability
11824| [18138] Apache James SMTP Denial Of Service Vulnerability
11825| [17342] Apache Struts Multiple Remote Vulnerabilities
11826| [17095] Apache Log4Net Denial Of Service Vulnerability
11827| [16916] Apache mod_python FileSession Code Execution Vulnerability
11828| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
11829| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
11830| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
11831| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
11832| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
11833| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
11834| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
11835| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
11836| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
11837| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
11838| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
11839| [15177] PHP Apache 2 Local Denial of Service Vulnerability
11840| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
11841| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
11842| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
11843| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
11844| [14106] Apache HTTP Request Smuggling Vulnerability
11845| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
11846| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
11847| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
11848| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
11849| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
11850| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
11851| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
11852| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
11853| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
11854| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
11855| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
11856| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
11857| [11471] Apache mod_include Local Buffer Overflow Vulnerability
11858| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
11859| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
11860| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
11861| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
11862| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11863| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
11864| [11094] Apache mod_ssl Denial Of Service Vulnerability
11865| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
11866| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
11867| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
11868| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
11869| [10478] ClueCentral Apache Suexec Patch Security Weakness
11870| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
11871| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11872| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
11873| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
11874| [9921] Apache Connection Blocking Denial Of Service Vulnerability
11875| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
11876| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
11877| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
11878| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
11879| [9733] Apache Cygwin Directory Traversal Vulnerability
11880| [9599] Apache mod_php Global Variables Information Disclosure Weakness
11881| [9590] Apache-SSL Client Certificate Forging Vulnerability
11882| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11883| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
11884| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
11885| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
11886| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
11887| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
11888| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
11889| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
11890| [8898] Red Hat Apache Directory Index Default Configuration Error
11891| [8883] Apache Cocoon Directory Traversal Vulnerability
11892| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
11893| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
11894| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
11895| [8707] Apache htpasswd Password Entropy Weakness
11896| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
11897| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
11898| [8226] Apache HTTP Server Multiple Vulnerabilities
11899| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
11900| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
11901| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
11902| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
11903| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
11904| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
11905| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
11906| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
11907| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
11908| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
11909| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
11910| [7255] Apache Web Server File Descriptor Leakage Vulnerability
11911| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11912| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
11913| [6939] Apache Web Server ETag Header Information Disclosure Weakness
11914| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
11915| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
11916| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
11917| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
11918| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
11919| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
11920| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
11921| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
11922| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
11923| [6117] Apache mod_php File Descriptor Leakage Vulnerability
11924| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
11925| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
11926| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
11927| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
11928| [5992] Apache HTDigest Insecure Temporary File Vulnerability
11929| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
11930| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
11931| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
11932| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
11933| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
11934| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11935| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
11936| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
11937| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
11938| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
11939| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11940| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
11941| [5485] Apache 2.0 Path Disclosure Vulnerability
11942| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11943| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
11944| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
11945| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
11946| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
11947| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
11948| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
11949| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
11950| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
11951| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
11952| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
11953| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
11954| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
11955| [4437] Apache Error Message Cross-Site Scripting Vulnerability
11956| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
11957| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
11958| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
11959| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
11960| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
11961| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
11962| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
11963| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
11964| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
11965| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
11966| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
11967| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
11968| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
11969| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
11970| [3596] Apache Split-Logfile File Append Vulnerability
11971| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
11972| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
11973| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
11974| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
11975| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
11976| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
11977| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
11978| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
11979| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
11980| [3169] Apache Server Address Disclosure Vulnerability
11981| [3009] Apache Possible Directory Index Disclosure Vulnerability
11982| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
11983| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
11984| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
11985| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
11986| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
11987| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
11988| [2216] Apache Web Server DoS Vulnerability
11989| [2182] Apache /tmp File Race Vulnerability
11990| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
11991| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
11992| [1821] Apache mod_cookies Buffer Overflow Vulnerability
11993| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
11994| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
11995| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
11996| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
11997| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
11998| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
11999| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
12000| [1457] Apache::ASP source.asp Example Script Vulnerability
12001| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
12002| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
12003|
12004| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12005| [86258] Apache CloudStack text fields cross-site scripting
12006| [85983] Apache Subversion mod_dav_svn module denial of service
12007| [85875] Apache OFBiz UEL code execution
12008| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
12009| [85871] Apache HTTP Server mod_session_dbd unspecified
12010| [85756] Apache Struts OGNL expression command execution
12011| [85755] Apache Struts DefaultActionMapper class open redirect
12012| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
12013| [85574] Apache HTTP Server mod_dav denial of service
12014| [85573] Apache Struts Showcase App OGNL code execution
12015| [85496] Apache CXF denial of service
12016| [85423] Apache Geronimo RMI classloader code execution
12017| [85326] Apache Santuario XML Security for C++ buffer overflow
12018| [85323] Apache Santuario XML Security for Java spoofing
12019| [85319] Apache Qpid Python client SSL spoofing
12020| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
12021| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
12022| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
12023| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
12024| [84952] Apache Tomcat CVE-2012-3544 denial of service
12025| [84763] Apache Struts CVE-2013-2135 security bypass
12026| [84762] Apache Struts CVE-2013-2134 security bypass
12027| [84719] Apache Subversion CVE-2013-2088 command execution
12028| [84718] Apache Subversion CVE-2013-2112 denial of service
12029| [84717] Apache Subversion CVE-2013-1968 denial of service
12030| [84577] Apache Tomcat security bypass
12031| [84576] Apache Tomcat symlink
12032| [84543] Apache Struts CVE-2013-2115 security bypass
12033| [84542] Apache Struts CVE-2013-1966 security bypass
12034| [84154] Apache Tomcat session hijacking
12035| [84144] Apache Tomcat denial of service
12036| [84143] Apache Tomcat information disclosure
12037| [84111] Apache HTTP Server command execution
12038| [84043] Apache Virtual Computing Lab cross-site scripting
12039| [84042] Apache Virtual Computing Lab cross-site scripting
12040| [83782] Apache CloudStack information disclosure
12041| [83781] Apache CloudStack security bypass
12042| [83720] Apache ActiveMQ cross-site scripting
12043| [83719] Apache ActiveMQ denial of service
12044| [83718] Apache ActiveMQ denial of service
12045| [83263] Apache Subversion denial of service
12046| [83262] Apache Subversion denial of service
12047| [83261] Apache Subversion denial of service
12048| [83259] Apache Subversion denial of service
12049| [83035] Apache mod_ruid2 security bypass
12050| [82852] Apache Qpid federation_tag security bypass
12051| [82851] Apache Qpid qpid::framing::Buffer denial of service
12052| [82758] Apache Rave User RPC API information disclosure
12053| [82663] Apache Subversion svn_fs_file_length() denial of service
12054| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
12055| [82641] Apache Qpid AMQP denial of service
12056| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
12057| [82618] Apache Commons FileUpload symlink
12058| [82360] Apache HTTP Server manager interface cross-site scripting
12059| [82359] Apache HTTP Server hostnames cross-site scripting
12060| [82338] Apache Tomcat log/logdir information disclosure
12061| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
12062| [82268] Apache OpenJPA deserialization command execution
12063| [81981] Apache CXF UsernameTokens security bypass
12064| [81980] Apache CXF WS-Security security bypass
12065| [81398] Apache OFBiz cross-site scripting
12066| [81240] Apache CouchDB directory traversal
12067| [81226] Apache CouchDB JSONP code execution
12068| [81225] Apache CouchDB Futon user interface cross-site scripting
12069| [81211] Apache Axis2/C SSL spoofing
12070| [81167] Apache CloudStack DeployVM information disclosure
12071| [81166] Apache CloudStack AddHost API information disclosure
12072| [81165] Apache CloudStack createSSHKeyPair API information disclosure
12073| [80518] Apache Tomcat cross-site request forgery security bypass
12074| [80517] Apache Tomcat FormAuthenticator security bypass
12075| [80516] Apache Tomcat NIO denial of service
12076| [80408] Apache Tomcat replay-countermeasure security bypass
12077| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
12078| [80317] Apache Tomcat slowloris denial of service
12079| [79984] Apache Commons HttpClient SSL spoofing
12080| [79983] Apache CXF SSL spoofing
12081| [79830] Apache Axis2/Java SSL spoofing
12082| [79829] Apache Axis SSL spoofing
12083| [79809] Apache Tomcat DIGEST security bypass
12084| [79806] Apache Tomcat parseHeaders() denial of service
12085| [79540] Apache OFBiz unspecified
12086| [79487] Apache Axis2 SAML security bypass
12087| [79212] Apache Cloudstack code execution
12088| [78734] Apache CXF SOAP Action security bypass
12089| [78730] Apache Qpid broker denial of service
12090| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
12091| [78563] Apache mod_pagespeed module unspecified cross-site scripting
12092| [78562] Apache mod_pagespeed module security bypass
12093| [78454] Apache Axis2 security bypass
12094| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
12095| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
12096| [78321] Apache Wicket unspecified cross-site scripting
12097| [78183] Apache Struts parameters denial of service
12098| [78182] Apache Struts cross-site request forgery
12099| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
12100| [77987] mod_rpaf module for Apache denial of service
12101| [77958] Apache Struts skill name code execution
12102| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
12103| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
12104| [77568] Apache Qpid broker security bypass
12105| [77421] Apache Libcloud spoofing
12106| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
12107| [77046] Oracle Solaris Apache HTTP Server information disclosure
12108| [76837] Apache Hadoop information disclosure
12109| [76802] Apache Sling CopyFrom denial of service
12110| [76692] Apache Hadoop symlink
12111| [76535] Apache Roller console cross-site request forgery
12112| [76534] Apache Roller weblog cross-site scripting
12113| [76152] Apache CXF elements security bypass
12114| [76151] Apache CXF child policies security bypass
12115| [75983] MapServer for Windows Apache file include
12116| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
12117| [75558] Apache POI denial of service
12118| [75545] PHP apache_request_headers() buffer overflow
12119| [75302] Apache Qpid SASL security bypass
12120| [75211] Debian GNU/Linux apache 2 cross-site scripting
12121| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
12122| [74871] Apache OFBiz FlexibleStringExpander code execution
12123| [74870] Apache OFBiz multiple cross-site scripting
12124| [74750] Apache Hadoop unspecified spoofing
12125| [74319] Apache Struts XSLTResult.java file upload
12126| [74313] Apache Traffic Server header buffer overflow
12127| [74276] Apache Wicket directory traversal
12128| [74273] Apache Wicket unspecified cross-site scripting
12129| [74181] Apache HTTP Server mod_fcgid module denial of service
12130| [73690] Apache Struts OGNL code execution
12131| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
12132| [73100] Apache MyFaces in directory traversal
12133| [73096] Apache APR hash denial of service
12134| [73052] Apache Struts name cross-site scripting
12135| [73030] Apache CXF UsernameToken security bypass
12136| [72888] Apache Struts lastName cross-site scripting
12137| [72758] Apache HTTP Server httpOnly information disclosure
12138| [72757] Apache HTTP Server MPM denial of service
12139| [72585] Apache Struts ParameterInterceptor security bypass
12140| [72438] Apache Tomcat Digest security bypass
12141| [72437] Apache Tomcat Digest security bypass
12142| [72436] Apache Tomcat DIGEST security bypass
12143| [72425] Apache Tomcat parameter denial of service
12144| [72422] Apache Tomcat request object information disclosure
12145| [72377] Apache HTTP Server scoreboard security bypass
12146| [72345] Apache HTTP Server HTTP request denial of service
12147| [72229] Apache Struts ExceptionDelegator command execution
12148| [72089] Apache Struts ParameterInterceptor directory traversal
12149| [72088] Apache Struts CookieInterceptor command execution
12150| [72047] Apache Geronimo hash denial of service
12151| [72016] Apache Tomcat hash denial of service
12152| [71711] Apache Struts OGNL expression code execution
12153| [71654] Apache Struts interfaces security bypass
12154| [71620] Apache ActiveMQ failover denial of service
12155| [71617] Apache HTTP Server mod_proxy module information disclosure
12156| [71508] Apache MyFaces EL security bypass
12157| [71445] Apache HTTP Server mod_proxy security bypass
12158| [71203] Apache Tomcat servlets privilege escalation
12159| [71181] Apache HTTP Server ap_pregsub() denial of service
12160| [71093] Apache HTTP Server ap_pregsub() buffer overflow
12161| [70336] Apache HTTP Server mod_proxy information disclosure
12162| [69804] Apache HTTP Server mod_proxy_ajp denial of service
12163| [69472] Apache Tomcat AJP security bypass
12164| [69396] Apache HTTP Server ByteRange filter denial of service
12165| [69394] Apache Wicket multi window support cross-site scripting
12166| [69176] Apache Tomcat XML information disclosure
12167| [69161] Apache Tomcat jsvc information disclosure
12168| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
12169| [68541] Apache Tomcat sendfile information disclosure
12170| [68420] Apache XML Security denial of service
12171| [68238] Apache Tomcat JMX information disclosure
12172| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
12173| [67804] Apache Subversion control rules information disclosure
12174| [67803] Apache Subversion control rules denial of service
12175| [67802] Apache Subversion baselined denial of service
12176| [67672] Apache Archiva multiple cross-site scripting
12177| [67671] Apache Archiva multiple cross-site request forgery
12178| [67564] Apache APR apr_fnmatch() denial of service
12179| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
12180| [67515] Apache Tomcat annotations security bypass
12181| [67480] Apache Struts s:submit information disclosure
12182| [67414] Apache APR apr_fnmatch() denial of service
12183| [67356] Apache Struts javatemplates cross-site scripting
12184| [67354] Apache Struts Xwork cross-site scripting
12185| [66676] Apache Tomcat HTTP BIO information disclosure
12186| [66675] Apache Tomcat web.xml security bypass
12187| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
12188| [66241] Apache HttpComponents information disclosure
12189| [66154] Apache Tomcat ServletSecurity security bypass
12190| [65971] Apache Tomcat ServletSecurity security bypass
12191| [65876] Apache Subversion mod_dav_svn denial of service
12192| [65343] Apache Continuum unspecified cross-site scripting
12193| [65162] Apache Tomcat NIO connector denial of service
12194| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
12195| [65160] Apache Tomcat HTML Manager interface cross-site scripting
12196| [65159] Apache Tomcat ServletContect security bypass
12197| [65050] Apache CouchDB web-based administration UI cross-site scripting
12198| [64773] Oracle HTTP Server Apache Plugin unauthorized access
12199| [64473] Apache Subversion blame -g denial of service
12200| [64472] Apache Subversion walk() denial of service
12201| [64407] Apache Axis2 CVE-2010-0219 code execution
12202| [63926] Apache Archiva password privilege escalation
12203| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
12204| [63493] Apache Archiva credentials cross-site request forgery
12205| [63477] Apache Tomcat HttpOnly session hijacking
12206| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
12207| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
12208| [62959] Apache Shiro filters security bypass
12209| [62790] Apache Perl cgi module denial of service
12210| [62576] Apache Qpid exchange denial of service
12211| [62575] Apache Qpid AMQP denial of service
12212| [62354] Apache Qpid SSL denial of service
12213| [62235] Apache APR-util apr_brigade_split_line() denial of service
12214| [62181] Apache XML-RPC SAX Parser information disclosure
12215| [61721] Apache Traffic Server cache poisoning
12216| [61202] Apache Derby BUILTIN authentication functionality information disclosure
12217| [61186] Apache CouchDB Futon cross-site request forgery
12218| [61169] Apache CXF DTD denial of service
12219| [61070] Apache Jackrabbit search.jsp SQL injection
12220| [61006] Apache SLMS Quoting cross-site request forgery
12221| [60962] Apache Tomcat time cross-site scripting
12222| [60883] Apache mod_proxy_http information disclosure
12223| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
12224| [60264] Apache Tomcat Transfer-Encoding denial of service
12225| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
12226| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
12227| [59413] Apache mod_proxy_http timeout information disclosure
12228| [59058] Apache MyFaces unencrypted view state cross-site scripting
12229| [58827] Apache Axis2 xsd file include
12230| [58790] Apache Axis2 modules cross-site scripting
12231| [58299] Apache ActiveMQ queueBrowse cross-site scripting
12232| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
12233| [58056] Apache ActiveMQ .jsp source code disclosure
12234| [58055] Apache Tomcat realm name information disclosure
12235| [58046] Apache HTTP Server mod_auth_shadow security bypass
12236| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
12237| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
12238| [57429] Apache CouchDB algorithms information disclosure
12239| [57398] Apache ActiveMQ Web console cross-site request forgery
12240| [57397] Apache ActiveMQ createDestination.action cross-site scripting
12241| [56653] Apache HTTP Server DNS spoofing
12242| [56652] Apache HTTP Server DNS cross-site scripting
12243| [56625] Apache HTTP Server request header information disclosure
12244| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
12245| [56623] Apache HTTP Server mod_proxy_ajp denial of service
12246| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
12247| [55857] Apache Tomcat WAR files directory traversal
12248| [55856] Apache Tomcat autoDeploy attribute security bypass
12249| [55855] Apache Tomcat WAR directory traversal
12250| [55210] Intuit component for Joomla! Apache information disclosure
12251| [54533] Apache Tomcat 404 error page cross-site scripting
12252| [54182] Apache Tomcat admin default password
12253| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
12254| [53666] Apache HTTP Server Solaris pollset support denial of service
12255| [53650] Apache HTTP Server HTTP basic-auth module security bypass
12256| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
12257| [53041] mod_proxy_ftp module for Apache denial of service
12258| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
12259| [51953] Apache Tomcat Path Disclosure
12260| [51952] Apache Tomcat Path Traversal
12261| [51951] Apache stronghold-status Information Disclosure
12262| [51950] Apache stronghold-info Information Disclosure
12263| [51949] Apache PHP Source Code Disclosure
12264| [51948] Apache Multiviews Attack
12265| [51946] Apache JServ Environment Status Information Disclosure
12266| [51945] Apache error_log Information Disclosure
12267| [51944] Apache Default Installation Page Pattern Found
12268| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
12269| [51942] Apache AXIS XML External Entity File Retrieval
12270| [51941] Apache AXIS Sample Servlet Information Leak
12271| [51940] Apache access_log Information Disclosure
12272| [51626] Apache mod_deflate denial of service
12273| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
12274| [51365] Apache Tomcat RequestDispatcher security bypass
12275| [51273] Apache HTTP Server Incomplete Request denial of service
12276| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
12749| OpenVAS (Nessus) - http://www.openvas.org:
12750| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
12751| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
12752| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
12753| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
12754| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
12755| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
12756| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
12757| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
12758| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
12759| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
12760| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
12761| [900571] Apache APR-Utils Version Detection
12762| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
12763| [900496] Apache Tiles Multiple XSS Vulnerability
12764| [900493] Apache Tiles Version Detection
12765| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
12766| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
12767| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
12768| [870175] RedHat Update for apache RHSA-2008:0004-01
12769| [864591] Fedora Update for apache-poi FEDORA-2012-10835
12770| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
12771| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
12772| [864250] Fedora Update for apache-poi FEDORA-2012-7683
12773| [864249] Fedora Update for apache-poi FEDORA-2012-7686
12774| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
12775| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
12776| [855821] Solaris Update for Apache 1.3 122912-19
12777| [855812] Solaris Update for Apache 1.3 122911-19
12778| [855737] Solaris Update for Apache 1.3 122911-17
12779| [855731] Solaris Update for Apache 1.3 122912-17
12780| [855695] Solaris Update for Apache 1.3 122911-16
12781| [855645] Solaris Update for Apache 1.3 122912-16
12782| [855587] Solaris Update for kernel update and Apache 108529-29
12783| [855566] Solaris Update for Apache 116973-07
12784| [855531] Solaris Update for Apache 116974-07
12785| [855524] Solaris Update for Apache 2 120544-14
12786| [855494] Solaris Update for Apache 1.3 122911-15
12787| [855478] Solaris Update for Apache Security 114145-11
12788| [855472] Solaris Update for Apache Security 113146-12
12789| [855179] Solaris Update for Apache 1.3 122912-15
12790| [855147] Solaris Update for kernel update and Apache 108528-29
12791| [855077] Solaris Update for Apache 2 120543-14
12792| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
12793| [850088] SuSE Update for apache2 SUSE-SA:2007:061
12794| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
12795| [841209] Ubuntu Update for apache2 USN-1627-1
12796| [840900] Ubuntu Update for apache2 USN-1368-1
12797| [840798] Ubuntu Update for apache2 USN-1259-1
12798| [840734] Ubuntu Update for apache2 USN-1199-1
12799| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
12800| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
12801| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
12802| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
12803| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
12804| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
12805| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
12806| [835253] HP-UX Update for Apache Web Server HPSBUX02645
12807| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
12808| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
12809| [835236] HP-UX Update for Apache with PHP HPSBUX02543
12810| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
12811| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
12812| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
12813| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
12814| [835188] HP-UX Update for Apache HPSBUX02308
12815| [835181] HP-UX Update for Apache With PHP HPSBUX02332
12816| [835180] HP-UX Update for Apache with PHP HPSBUX02342
12817| [835172] HP-UX Update for Apache HPSBUX02365
12818| [835168] HP-UX Update for Apache HPSBUX02313
12819| [835148] HP-UX Update for Apache HPSBUX01064
12820| [835139] HP-UX Update for Apache with PHP HPSBUX01090
12821| [835131] HP-UX Update for Apache HPSBUX00256
12822| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
12823| [835104] HP-UX Update for Apache HPSBUX00224
12824| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
12825| [835101] HP-UX Update for Apache HPSBUX01232
12826| [835080] HP-UX Update for Apache HPSBUX02273
12827| [835078] HP-UX Update for ApacheStrong HPSBUX00255
12828| [835044] HP-UX Update for Apache HPSBUX01019
12829| [835040] HP-UX Update for Apache PHP HPSBUX00207
12830| [835025] HP-UX Update for Apache HPSBUX00197
12831| [835023] HP-UX Update for Apache HPSBUX01022
12832| [835022] HP-UX Update for Apache HPSBUX02292
12833| [835005] HP-UX Update for Apache HPSBUX02262
12834| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
12835| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
12836| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
12837| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
12838| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
12839| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
12840| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
12841| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
12842| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
12843| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
12844| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
12845| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
12846| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
12847| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
12848| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
12849| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
12850| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
12851| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
12852| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
12853| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
12854| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
12855| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
12856| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
12857| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
12858| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
12859| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
12860| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
12861| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
12862| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
12863| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
12864| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
12865| [801942] Apache Archiva Multiple Vulnerabilities
12866| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
12867| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
12868| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
12869| [801284] Apache Derby Information Disclosure Vulnerability
12870| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
12871| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
12872| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
12873| [800680] Apache APR Version Detection
12874| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
12875| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
12876| [800677] Apache Roller Version Detection
12877| [800279] Apache mod_jk Module Version Detection
12878| [800278] Apache Struts Cross Site Scripting Vulnerability
12879| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
12880| [800276] Apache Struts Version Detection
12881| [800271] Apache Struts Directory Traversal Vulnerability
12882| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
12883| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
12884| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
12885| [103122] Apache Web Server ETag Header Information Disclosure Weakness
12886| [103074] Apache Continuum Cross Site Scripting Vulnerability
12887| [103073] Apache Continuum Detection
12888| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
12889| [101023] Apache Open For Business Weak Password security check
12890| [101020] Apache Open For Business HTML injection vulnerability
12891| [101019] Apache Open For Business service detection
12892| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
12893| [100923] Apache Archiva Detection
12894| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
12895| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
12896| [100813] Apache Axis2 Detection
12897| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
12898| [100795] Apache Derby Detection
12899| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
12900| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
12901| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
12902| [100514] Apache Multiple Security Vulnerabilities
12903| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
12904| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
12905| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
12906| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
12907| [72626] Debian Security Advisory DSA 2579-1 (apache2)
12908| [72612] FreeBSD Ports: apache22
12909| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
12910| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
12911| [71512] FreeBSD Ports: apache
12912| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
12913| [71256] Debian Security Advisory DSA 2452-1 (apache2)
12914| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
12915| [70737] FreeBSD Ports: apache
12916| [70724] Debian Security Advisory DSA 2405-1 (apache2)
12917| [70600] FreeBSD Ports: apache
12918| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
12919| [70235] Debian Security Advisory DSA 2298-2 (apache2)
12920| [70233] Debian Security Advisory DSA 2298-1 (apache2)
12921| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
12922| [69338] Debian Security Advisory DSA 2202-1 (apache2)
12923| [67868] FreeBSD Ports: apache
12924| [66816] FreeBSD Ports: apache
12925| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
12926| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
12927| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
12928| [66081] SLES11: Security update for Apache 2
12929| [66074] SLES10: Security update for Apache 2
12930| [66070] SLES9: Security update for Apache 2
12931| [65998] SLES10: Security update for apache2-mod_python
12932| [65893] SLES10: Security update for Apache 2
12933| [65888] SLES10: Security update for Apache 2
12934| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
12935| [65510] SLES9: Security update for Apache 2
12936| [65472] SLES9: Security update for Apache
12937| [65467] SLES9: Security update for Apache
12938| [65450] SLES9: Security update for apache2
12939| [65390] SLES9: Security update for Apache2
12940| [65363] SLES9: Security update for Apache2
12941| [65309] SLES9: Security update for Apache and mod_ssl
12942| [65296] SLES9: Security update for webdav apache module
12943| [65283] SLES9: Security update for Apache2
12944| [65249] SLES9: Security update for Apache 2
12945| [65230] SLES9: Security update for Apache 2
12946| [65228] SLES9: Security update for Apache 2
12947| [65212] SLES9: Security update for apache2-mod_python
12948| [65209] SLES9: Security update for apache2-worker
12949| [65207] SLES9: Security update for Apache 2
12950| [65168] SLES9: Security update for apache2-mod_python
12951| [65142] SLES9: Security update for Apache2
12952| [65136] SLES9: Security update for Apache 2
12953| [65132] SLES9: Security update for apache
12954| [65131] SLES9: Security update for Apache 2 oes/CORE
12955| [65113] SLES9: Security update for apache2
12956| [65072] SLES9: Security update for apache and mod_ssl
12957| [65017] SLES9: Security update for Apache 2
12958| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
12959| [64783] FreeBSD Ports: apache
12960| [64774] Ubuntu USN-802-2 (apache2)
12961| [64653] Ubuntu USN-813-2 (apache2)
12962| [64559] Debian Security Advisory DSA 1834-2 (apache2)
12963| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
12964| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
12965| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
12966| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
12967| [64443] Ubuntu USN-802-1 (apache2)
12968| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
12969| [64423] Debian Security Advisory DSA 1834-1 (apache2)
12970| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
12971| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
12972| [64251] Debian Security Advisory DSA 1816-1 (apache2)
12973| [64201] Ubuntu USN-787-1 (apache2)
12974| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
12975| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
12976| [63565] FreeBSD Ports: apache
12977| [63562] Ubuntu USN-731-1 (apache2)
12978| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
12979| [61185] FreeBSD Ports: apache
12980| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
12981| [60387] Slackware Advisory SSA:2008-045-02 apache
12982| [58826] FreeBSD Ports: apache-tomcat
12983| [58825] FreeBSD Ports: apache-tomcat
12984| [58804] FreeBSD Ports: apache
12985| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
12986| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
12987| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
12988| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
12989| [57335] Debian Security Advisory DSA 1167-1 (apache)
12990| [57201] Debian Security Advisory DSA 1131-1 (apache)
12991| [57200] Debian Security Advisory DSA 1132-1 (apache2)
12992| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
12993| [57145] FreeBSD Ports: apache
12994| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
12995| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
12996| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
12997| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
12998| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
12999| [56067] FreeBSD Ports: apache
13000| [55803] Slackware Advisory SSA:2005-310-04 apache
13001| [55519] Debian Security Advisory DSA 839-1 (apachetop)
13002| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
13003| [55355] FreeBSD Ports: apache
13004| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
13005| [55261] Debian Security Advisory DSA 805-1 (apache2)
13006| [55259] Debian Security Advisory DSA 803-1 (apache)
13007| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
13008| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
13009| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
13010| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
13011| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
13012| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
13013| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
13014| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
13015| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
13016| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
13017| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
13018| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
13019| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
13020| [54439] FreeBSD Ports: apache
13021| [53931] Slackware Advisory SSA:2004-133-01 apache
13022| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
13023| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
13024| [53878] Slackware Advisory SSA:2003-308-01 apache security update
13025| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
13026| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
13027| [53848] Debian Security Advisory DSA 131-1 (apache)
13028| [53784] Debian Security Advisory DSA 021-1 (apache)
13029| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
13030| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
13031| [53735] Debian Security Advisory DSA 187-1 (apache)
13032| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
13033| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
13034| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
13035| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
13036| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
13037| [53282] Debian Security Advisory DSA 594-1 (apache)
13038| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
13039| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
13040| [53215] Debian Security Advisory DSA 525-1 (apache)
13041| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
13042| [52529] FreeBSD Ports: apache+ssl
13043| [52501] FreeBSD Ports: apache
13044| [52461] FreeBSD Ports: apache
13045| [52390] FreeBSD Ports: apache
13046| [52389] FreeBSD Ports: apache
13047| [52388] FreeBSD Ports: apache
13048| [52383] FreeBSD Ports: apache
13049| [52339] FreeBSD Ports: apache+mod_ssl
13050| [52331] FreeBSD Ports: apache
13051| [52329] FreeBSD Ports: ru-apache+mod_ssl
13052| [52314] FreeBSD Ports: apache
13053| [52310] FreeBSD Ports: apache
13054| [15588] Detect Apache HTTPS
13055| [15555] Apache mod_proxy content-length buffer overflow
13056| [15554] Apache mod_include priviledge escalation
13057| [14771] Apache <= 1.3.33 htpasswd local overflow
13058| [14177] Apache mod_access rule bypass
13059| [13644] Apache mod_rootme Backdoor
13060| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
13061| [12280] Apache Connection Blocking Denial of Service
13062| [12239] Apache Error Log Escape Sequence Injection
13063| [12123] Apache Tomcat source.jsp malformed request information disclosure
13064| [12085] Apache Tomcat servlet/JSP container default files
13065| [11438] Apache Tomcat Directory Listing and File disclosure
13066| [11204] Apache Tomcat Default Accounts
13067| [11092] Apache 2.0.39 Win32 directory traversal
13068| [11046] Apache Tomcat TroubleShooter Servlet Installed
13069| [11042] Apache Tomcat DOS Device Name XSS
13070| [11041] Apache Tomcat /servlet Cross Site Scripting
13071| [10938] Apache Remote Command Execution via .bat files
13072| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
13073| [10773] MacOS X Finder reveals contents of Apache Web files
13074| [10766] Apache UserDir Sensitive Information Disclosure
13075| [10756] MacOS X Finder reveals contents of Apache Web directories
13076| [10752] Apache Auth Module SQL Insertion Attack
13077| [10704] Apache Directory Listing
13078| [10678] Apache /server-info accessible
13079| [10677] Apache /server-status accessible
13080| [10440] Check for Apache Multiple / vulnerability
13081|
13082| SecurityTracker - https://www.securitytracker.com:
13083| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
13084| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
13085| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
13086| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
13087| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13088| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13089| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13090| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
13091| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
13092| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
13093| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13094| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
13095| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
13096| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
13097| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
13098| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
13099| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
13100| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
13101| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
13102| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
13103| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
13104| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
13105| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
13106| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13107| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
13108| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13109| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13110| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
13111| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
13112| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
13113| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
13114| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
13115| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
13116| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
13117| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
13118| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
13119| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
13120| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
13121| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
13122| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
13123| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
13124| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
13125| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
13126| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
13127| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
13128| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
13129| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13130| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
13131| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
13132| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
13133| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
13134| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
13135| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
13136| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
13137| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
13138| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
13139| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
13140| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
13141| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
13142| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
13143| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
13144| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
13145| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
13146| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
13147| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
13148| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
13149| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
13150| [1024096] Apache mod_proxy_http May Return Results for a Different Request
13151| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
13152| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
13153| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
13154| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
13155| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
13156| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
13157| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
13158| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
13159| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
13160| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
13161| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
13162| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
13163| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
13164| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13165| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
13166| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
13167| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
13168| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
13169| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
13170| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13171| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
13542| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
13543| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
13544| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
13545| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
13546| [78331] Apache Tomcat Request Object Recycling Information Disclosure
13547| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
13548| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
13549| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
13550| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
13551| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
13552| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
13553| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
13554| [77593] Apache Struts Conversion Error OGNL Expression Injection
13555| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
13556| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
13557| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
13558| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
13559| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
13560| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
13561| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
13562| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
13563| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
13564| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
13565| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
13566| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
13567| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
13568| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
13569| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
13570| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
13571| [74725] Apache Wicket Multi Window Support Unspecified XSS
13572| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
13573| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
13574| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
13575| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
13576| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
13577| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
13578| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
13579| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
13580| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
13581| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
13582| [73644] Apache XML Security Signature Key Parsing Overflow DoS
13583| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
13584| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
13585| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
13586| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
13587| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
13588| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
13589| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
13590| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
13591| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
13592| [73154] Apache Archiva Multiple Unspecified CSRF
13593| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
13594| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
13595| [72238] Apache Struts Action / Method Names <
13596| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
13597| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
13598| [71557] Apache Tomcat HTML Manager Multiple XSS
13599| [71075] Apache Archiva User Management Page XSS
13600| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
13601| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
13602| [70924] Apache Continuum Multiple Admin Function CSRF
13603| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
13604| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
13605| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
13606| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
13607| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
13608| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
13609| [69520] Apache Archiva Administrator Credential Manipulation CSRF
13610| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
13611| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
13612| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
13613| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
13614| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
13615| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
13616| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
13617| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
13618| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
13619| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
13620| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
13621| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
13622| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
13623| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
13624| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
13625| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
13626| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
13627| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
13628| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
13629| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
13630| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
13631| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
13632| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
13633| [65054] Apache ActiveMQ Jetty Error Handler XSS
13634| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
13635| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
13636| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
13637| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
13638| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
13639| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
13640| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
13641| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
13642| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
13643| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
13644| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
13645| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
13646| [63895] Apache HTTP Server mod_headers Unspecified Issue
13647| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
13648| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
13649| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
13650| [63140] Apache Thrift Service Malformed Data Remote DoS
13651| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
13652| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
13653| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
13654| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
13655| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
13656| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
13657| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
13658| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
13659| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
13660| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
13661| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
13662| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
13663| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
13664| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
13665| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
13666| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
13667| [60678] Apache Roller Comment Email Notification Manipulation DoS
13668| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
13669| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
13670| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
13671| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
13672| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
13673| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
13674| [60232] PHP on Apache php.exe Direct Request Remote DoS
13675| [60176] Apache Tomcat Windows Installer Admin Default Password
13676| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
13677| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
13678| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
13679| [59944] Apache Hadoop jobhistory.jsp XSS
13680| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
13681| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
13682| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
13683| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
13684| [59019] Apache mod_python Cookie Salting Weakness
13685| [59018] Apache Harmony Error Message Handling Overflow
13686| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
13687| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
13688| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
13689| [59010] Apache Solr get-file.jsp XSS
13690| [59009] Apache Solr action.jsp XSS
13691| [59008] Apache Solr analysis.jsp XSS
13692| [59007] Apache Solr schema.jsp Multiple Parameter XSS
13693| [59006] Apache Beehive select / checkbox Tag XSS
13694| [59005] Apache Beehive jpfScopeID Global Parameter XSS
13695| [59004] Apache Beehive Error Message XSS
13696| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
13697| [59002] Apache Jetspeed default-page.psml URI XSS
13698| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
13699| [59000] Apache CXF Unsigned Message Policy Bypass
13700| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
13701| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
13702| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
13703| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
13704| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
13705| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
13706| [58993] Apache Hadoop browseBlock.jsp XSS
13707| [58991] Apache Hadoop browseDirectory.jsp XSS
13708| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
13709| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
13710| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
13711| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
13712| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
13713| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
13714| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
13715| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
13716| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
13717| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
13718| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
13719| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
13720| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
13721| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
13722| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
13723| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
13724| [58974] Apache Sling /apps Script User Session Management Access Weakness
13725| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
13726| [58931] Apache Geronimo Cookie Parameters Validation Weakness
13727| [58930] Apache Xalan-C++ XPath Handling Remote DoS
13728| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
13729| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
13730| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
13731| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
13732| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
13733| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
13734| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
13735| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
13736| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
13737| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
13738| [58805] Apache Derby Unauthenticated Database / Admin Access
13739| [58804] Apache Wicket Header Contribution Unspecified Issue
13740| [58803] Apache Wicket Session Fixation
13741| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
13742| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
13743| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
13744| [58799] Apache Tapestry Logging Cleartext Password Disclosure
13745| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
13746| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
13747| [58796] Apache Jetspeed Unsalted Password Storage Weakness
13748| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
13749| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
13750| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
13751| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
13752| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
13753| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
13754| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
13755| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
13756| [58775] Apache JSPWiki preview.jsp action Parameter XSS
13757| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
13758| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
13759| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
13760| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
13761| [58770] Apache JSPWiki Group.jsp group Parameter XSS
13762| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
13763| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
13764| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
13765| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
13766| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
13767| [58763] Apache JSPWiki Include Tag Multiple Script XSS
13768| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
13769| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
13770| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
13771| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
13772| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
13773| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
13774| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
13775| [58755] Apache Harmony DRLVM Non-public Class Member Access
13776| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
13777| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
13778| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
13779| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
13780| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
13781| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
13782| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
13783| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
13784| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
13785| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
13786| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
13787| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
13788| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
13789| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
13790| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
13791| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
13792| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
13793| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
13794| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
13795| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
13796| [58725] Apache Tapestry Basic String ACL Bypass Weakness
13797| [58724] Apache Roller Logout Functionality Failure Session Persistence
13798| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
13799| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
13800| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
13801| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
13802| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
13803| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
13804| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
13805| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
13806| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
13807| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
13808| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
13809| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
13810| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
13811| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
13812| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
13813| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
13814| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
13815| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
13816| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
13817| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
13818| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
13819| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
13820| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
13821| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
13822| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
13823| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
13824| [58687] Apache Axis Invalid wsdl Request XSS
13825| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
13826| [58685] Apache Velocity Template Designer Privileged Code Execution
13827| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
13828| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
13829| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
13830| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
13831| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
13832| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
13833| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
13834| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
13835| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
13836| [58667] Apache Roller Database Cleartext Passwords Disclosure
13837| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
13838| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
13839| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
13840| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
13841| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
13842| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
13843| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
13844| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
13845| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
13846| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
13847| [56984] Apache Xerces2 Java Malformed XML Input DoS
13848| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
13849| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
13850| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
13851| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
13852| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
13853| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
13854| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
13855| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
13856| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
13857| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
13858| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
13859| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
13860| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
13861| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
13862| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
139/tcp closed netbios-ssn conn-refused
443/tcp open ssl/https? syn-ack
445/tcp closed microsoft-ds conn-refused
Device type: general purpose|media device|WAP
Running (JUST GUESSING): Linux 2.6.X (91%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/o:linux:linux_kernel:2.6.32 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.2.6
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 2.6.22 - 2.6.36 (88%), Linux 2.6.32 (88%), Linux 2.6.34 (88%), Linux 2.6.32 - 2.6.35 (86%), Infomir MAG-250 set-top box (85%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (85%), Ubiquiti Pico Station WAP (AirOS 5.2.6) (85%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:

Uptime guess: 31.464 days (since Mon Jul 1 08:53:27 2019)
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 174.69 ms 10.247.200.1
2 175.88 ms 213.184.122.97
3 174.85 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 175.15 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
5 238.55 ms bzq-219-189-154.cablep.bezeqint.net (62.219.189.154)
6 235.15 ms 40ge1-3.core1.lon2.he.net (195.66.224.21)
7 301.17 ms 100ge13-2.core1.nyc4.he.net (72.52.92.166)
8 362.82 ms 100ge8-1.core1.sjc2.he.net (184.105.81.218)
9 464.70 ms softbank-bb-corp.switch1.sjc2.he.net (65.19.151.26)
10 ...
11 451.21 ms 61.206.169.254
12 453.87 ms 202.93.95.182
13 453.90 ms 202.93.95.153
14 457.86 ms 203.141.47.66
15 453.74 ms 158.205.134.6
16 455.29 ms 158.205.192.237
17 455.38 ms 158.205.188.130
18 453.67 ms 158.205.188.138
19 450.89 ms 158.205.110.238
20 ... 30

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 20:02
Completed NSE at 20:02, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 20:02
Completed NSE at 20:02, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-01 20:02 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:02
Completed NSE at 20:02, 0.00s elapsed
Initiating NSE at 20:02
Completed NSE at 20:02, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:02
Completed Parallel DNS resolution of 1 host. at 20:02, 0.02s elapsed
Initiating UDP Scan at 20:02
Scanning 210.168.52.41 [14 ports]
Completed UDP Scan at 20:02, 2.53s elapsed (14 total ports)
Initiating Service scan at 20:02
Scanning 12 services on 210.168.52.41
Service scan Timing: About 8.33% done; ETC: 20:21 (0:17:47 remaining)
Completed Service scan at 20:03, 102.59s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 210.168.52.41
Retrying OS detection (try #2) against 210.168.52.41
Initiating Traceroute at 20:03
Completed Traceroute at 20:04, 7.19s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:04
Completed Parallel DNS resolution of 1 host. at 20:04, 0.00s elapsed
NSE: Script scanning 210.168.52.41.
Initiating NSE at 20:04
Completed NSE at 20:04, 7.20s elapsed
Initiating NSE at 20:04
Completed NSE at 20:04, 1.25s elapsed
Nmap scan report for 210.168.52.41
Host is up (0.17s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 165.41 ms 10.247.200.1
2 ... 3
4 166.18 ms 10.247.200.1
5 165.89 ms 10.247.200.1
6 165.88 ms 10.247.200.1
7 165.87 ms 10.247.200.1
8 165.86 ms 10.247.200.1
9 165.85 ms 10.247.200.1
10 165.82 ms 10.247.200.1
11 ... 18
19 165.70 ms 10.247.200.1
20 167.21 ms 10.247.200.1
21 ... 28
29 166.36 ms 10.247.200.1
30 164.93 ms 10.247.200.1

NSE: Script Post-scanning.
Initiating NSE at 20:04
Completed NSE at 20:04, 0.00s elapsed
Initiating NSE at 20:04
Completed NSE at 20:04, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 127.12 seconds
 Raw packets sent: 147 (9.964KB) | Rcvd: 170 (54.726KB)
#######################################################################################################################################
 Anonymous JTSEC #OpWhales Full Recon #22