· 6 years ago · Jan 05, 2020, 03:58 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.coyhaique.cl ISP ANACONDAWEB S.A.
4Continent South America Flag
5CL
6Country Chile Country Code CL
7Region Unknown Local time 04 Jan 2020 23:21 -03
8City Unknown Postal Code Unknown
9IP Address 170.246.172.178 Latitude -33.439
10 Longitude -70.643
11===============================================================================================================================
12######################################################################################################################################
13> www.coyhaique.cl
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18www.coyhaique.cl canonical name = coyhaique.cl.
19Name: coyhaique.cl
20Address: 170.246.172.178
21>
22#######################################################################################################################################
23Domain name: coyhaique.cl
24Registrant name: I MUNICIPALIDAD DE COYHAIQUE
25Registrant organisation:
26Registrar name: NIC Chile
27Registrar URL: https://www.nic.cl
28Creation date: 2003-04-25 14:45:56 CLST
29Expiration date: 2029-05-22 11:45:05 CLST
30Name server: dns1.coyhaique.cl (170.246.172.178)
31Name server: dns2.coyhaique.cl (170.246.172.178)
32#######################################################################################################################################
33[+] Target : www.coyhaique.cl
34
35[+] IP Address : 170.246.172.178
36
37[+] Headers :
38
39[+] Date : Sun, 05 Jan 2020 02:25:50 GMT
40[+] Server : Apache
41[+] Last-Modified : Thu, 02 Jan 2020 18:36:47 GMT
42[+] Accept-Ranges : bytes
43[+] Content-Length : 1459
44[+] Keep-Alive : timeout=5, max=100
45[+] Connection : Keep-Alive
46[+] Content-Type : text/html; charset=iso-8859-1
47
48[+] SSL Certificate Information :
49
50[+] businessCategory : Private Organization
51[+] serialNumber : 692403002
52[+] jurisdictionCountryName : CL
53[+] countryName : CL
54[+] stateOrProvinceName : Coyhaique
55[+] localityName : Coyhaique
56[+] streetAddress : Francisco Bilbao 357
57[+] organizationalUnitName : Informatica
58[+] organizationName : Municipalidad de Coyhaique
59[+] commonName : www.coyhaique.cl
60[+] countryName : BE
61[+] organizationName : GlobalSign nv-sa
62[+] commonName : GlobalSign Extended Validation CA - SHA256 - G3
63[+] Version : 3
64[+] Serial Number : 73DD1C6986B727208E1A81CE
65[+] Not Before : Apr 6 20:06:03 2018 GMT
66[+] Not After : Apr 6 20:06:03 2020 GMT
67[+] OCSP : ('http://ocsp2.globalsign.com/gsextendvalsha2g3r3',)
68[+] subject Alt Name : (('DNS', 'www.coyhaique.cl'), ('DNS', 'coyhaique.cl'))
69[+] CA Issuers : ('http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt',)
70[+] CRL Distribution Points : ('http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl',)
71
72[+] Whois Lookup :
73
74[+] NIR : None
75[+] ASN Registry : lacnic
76[+] ASN : 265656
77[+] ASN CIDR : 170.246.172.0/22
78[+] ASN Country Code : CL
79[+] ASN Date : 2017-02-14
80[+] ASN Description : ANACONDAWEB S.A., CL
81[+] cidr : 170.246.172.0/22
82[+] name : None
83[+] handle : MCV8
84[+] range : 170.246.172/22
85[+] description : ANACONDAWEB S.A.
86[+] country : CL
87[+] state : None
88[+] city : None
89[+] address : None
90[+] postal_code : None
91[+] emails : ['mcolomera@ANACONDAWEB.COM']
92[+] created : 20170214
93[+] updated : 20170214
94
95[+] Crawling Target...
96
97[+] Looking for robots.txt........[ Not Found ]
98[+] Looking for sitemap.xml.......[ Not Found ]
99[+] Extracting CSS Links..........[ 0 ]
100[+] Extracting Javascript Links...[ 0 ]
101[+] Extracting Internal Links.....[ 0 ]
102[+] Extracting External Links.....[ 0 ]
103[+] Extracting Images.............[ 0 ]
104
105[+] Total Links Extracted : 0
106
107[+] Completed!
108######################################################################################################################################
109[i] Scanning Site: https://www.coyhaique.cl
110
111
112
113B A S I C I N F O
114====================
115
116
117[+] Site Title: Municipalidad de Coyhaique
118[+] IP address: 170.246.172.178
119[+] Web Server: Apache
120[+] CMS: Could Not Detect
121[+] Cloudflare: Not Detected
122[+] Robots File: Could NOT Find robots.txt!
123
124
125
126
127W H O I S L O O K U P
128========================
129
130 %%
131%% This is the NIC Chile Whois server (whois.nic.cl).
132%%
133%% Rights restricted by copyright.
134%% See https://www.nic.cl/normativa/politica-publicacion-de-datos-cl.pdf
135%%
136
137Domain name: coyhaique.cl
138Registrant name: I MUNICIPALIDAD DE COYHAIQUE
139Registrant organisation:
140Registrar name: NIC Chile
141Registrar URL: https://www.nic.cl
142Creation date: 2003-04-25 14:45:56 CLST
143Expiration date: 2029-05-22 11:45:05 CLST
144Name server: dns1.coyhaique.cl (170.246.172.178)
145Name server: dns2.coyhaique.cl (170.246.172.178)
146
147%%
148%% For communication with domain contacts please use website.
149%% See https://www.nic.cl/registry/Whois.do?d=coyhaique.cl
150%%
151
152
153
154
155G E O I P L O O K U P
156=========================
157
158[i] IP Address: 170.246.172.178
159[i] Country: Chile
160[i] State:
161[i] City:
162[i] Latitude: -33.4378
163[i] Longitude: -70.6503
164
165
166
167
168H T T P H E A D E R S
169=======================
170
171
172[i] HTTP/1.1 200 OK
173[i] Date: Sun, 05 Jan 2020 02:26:14 GMT
174[i] Server: Apache
175[i] Last-Modified: Thu, 02 Jan 2020 18:36:47 GMT
176[i] Accept-Ranges: bytes
177[i] Content-Length: 1459
178[i] Connection: close
179[i] Content-Type: text/html; charset=iso-8859-1
180
181
182
183
184D N S L O O K U P
185===================
186
187coyhaique.cl. 299 IN A 170.246.172.178
188coyhaique.cl. 299 IN NS dns2.coyhaique.cl.
189coyhaique.cl. 299 IN NS dns1.coyhaique.cl.
190coyhaique.cl. 299 IN SOA dns1.coyhaique.cl. root.host-170-246-172-178.anacondaweb.com. 2019122005 3600 1800 1209600 86400
191coyhaique.cl. 299 IN MX 0 mail.coyhaique.cl.
192coyhaique.cl. 14399 IN TXT "v=spf1 +a +mx +ip4:170.246.172.178 ~all"
193
194
195
196
197S U B N E T C A L C U L A T I O N
198====================================
199
200Address = 170.246.172.178
201Network = 170.246.172.178 / 32
202Netmask = 255.255.255.255
203Broadcast = not needed on Point-to-Point links
204Wildcard Mask = 0.0.0.0
205Hosts Bits = 0
206Max. Hosts = 1 (2^0 - 0)
207Host Range = { 170.246.172.178 - 170.246.172.178 }
208
209
210
211N M A P P O R T S C A N
212============================
213
214Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-05 02:26 UTC
215Nmap scan report for coyhaique.cl (170.246.172.178)
216Host is up (0.16s latency).
217rDNS record for 170.246.172.178: host-170-246-172-178.anacondaweb.com
218
219PORT STATE SERVICE
22021/tcp open ftp
22122/tcp open ssh
22223/tcp filtered telnet
22380/tcp open http
224110/tcp open pop3
225143/tcp open imap
226443/tcp open https
2273389/tcp filtered ms-wbt-server
228
229Nmap done: 1 IP address (1 host up) scanned in 2.46 seconds
230
231
232
233S U B - D O M A I N F I N D E R
234==================================
235
236
237[i] Total Subdomains Found : 4
238
239[+] Subdomain: ns1.coyhaique.cl
240[-] IP: 190.14.50.72
241
242[+] Subdomain: ns2.coyhaique.cl
243[-] IP: 190.14.50.72
244
245[+] Subdomain: mail.coyhaique.cl
246[-] IP: 170.246.172.97
247
248[+] Subdomain: webmail.coyhaique.cl
249[-] IP: 170.246.172.97
250######################################################################################################################################
251[+] Starting At 2020-01-04 21:26:57.901084
252[+] Collecting Information On: https://www.coyhaique.cl/muni/index.html
253[#] Status: 200
254--------------------------------------------------
255[#] Web Server Detected: Apache
256[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
257- Date: Sun, 05 Jan 2020 02:26:56 GMT
258- Server: Apache
259- Last-Modified: Mon, 30 Dec 2019 15:15:32 GMT
260- Accept-Ranges: bytes
261- Content-Length: 7821
262- Keep-Alive: timeout=5, max=100
263- Connection: Keep-Alive
264- Content-Type: text/html; charset=iso-8859-1
265--------------------------------------------------
266[#] Finding Location..!
267[#] status: success
268[#] country: Chile
269[#] countryCode: CL
270[#] region: LI
271[#] regionName: O'Higgins Region
272[#] city: Santa Cruz
273[#] zip: 3130000
274[#] lat: -34.6343
275[#] lon: -71.3644
276[#] timezone: America/Santiago
277[#] isp: Anacondaweb S.A.
278[#] org: Anacondaweb S.A
279[#] as: AS265656 ANACONDAWEB S.A.
280[#] query: 170.246.172.178
281--------------------------------------------------
282[x] Didn't Detect WAF Presence on: https://www.coyhaique.cl/muni/index.html
283--------------------------------------------------
284[#] Starting Reverse DNS
285[-] Failed ! Fail
286--------------------------------------------------
287[!] Scanning Open Port
288[#] 21/tcp open ftp
289[#] 22/tcp open ssh
290[#] 53/tcp open domain
291[#] 80/tcp open http
292[#] 110/tcp open pop3
293[#] 143/tcp open imap
294[#] 443/tcp open https
295[#] 465/tcp open smtps
296[#] 587/tcp open submission
297[#] 993/tcp open imaps
298[#] 995/tcp open pop3s
299[#] 3306/tcp open mysql
300--------------------------------------------------
301[+] Getting SSL Info
302{'OCSP': ('http://ocsp2.globalsign.com/gsextendvalsha2g3r3',),
303 'caIssuers': ('http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt',),
304 'crlDistributionPoints': ('http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl',),
305 'issuer': ((('countryName', 'BE'),),
306 (('organizationName', 'GlobalSign nv-sa'),),
307 (('commonName',
308 'GlobalSign Extended Validation CA - SHA256 - G3'),)),
309 'notAfter': 'Apr 6 20:06:03 2020 GMT',
310 'notBefore': 'Apr 6 20:06:03 2018 GMT',
311 'serialNumber': '73DD1C6986B727208E1A81CE',
312 'subject': ((('businessCategory', 'Private Organization'),),
313 (('serialNumber', '692403002'),),
314 (('jurisdictionCountryName', 'CL'),),
315 (('countryName', 'CL'),),
316 (('stateOrProvinceName', 'Coyhaique'),),
317 (('localityName', 'Coyhaique'),),
318 (('streetAddress', 'Francisco Bilbao 357'),),
319 (('organizationalUnitName', 'Informatica'),),
320 (('organizationName', 'Municipalidad de Coyhaique'),),
321 (('commonName', 'www.coyhaique.cl'),)),
322 'subjectAltName': (('DNS', 'www.coyhaique.cl'), ('DNS', 'coyhaique.cl')),
323 'version': 3}
365
366--------------------------------------------------
367[+] Collecting Information Disclosure!
368[#] Detecting sitemap.xml file
369[-] sitemap.xml file not Found!?
370[#] Detecting robots.txt file
371[-] robots.txt file not Found!?
372[#] Detecting GNU Mailman
373[-] GNU Mailman App Not Detected!?
374--------------------------------------------------
375[+] Crawling Url Parameter On: https://www.coyhaique.cl/muni/index.html
376--------------------------------------------------
377[#] Searching Html Form !
378[-] No Html Form Found!?
379--------------------------------------------------
380[-] No DOM Paramter Found!?
381--------------------------------------------------
382[-] No internal Dynamic Parameter Found!?
383--------------------------------------------------
384[!] 3 External Dynamic Parameter Discovered
385[#] https://fonts.googleapis.com/css?family=Kotta+One|Cantarell:400,700
386[#] http://www.portaltransparencia.cl/PortalPdT/pdtta?codOrganismo=MU070
387[#] http://www.portaltransparencia.cl/PortalPdT/web/guest/directorio-de-organismos-regulados?p_p_id=pdtorganismos_WAR_pdtorganismosportlet&orgcode=cf6e67ca3a79c7f2fd42646647787bf8
388--------------------------------------------------
389[!] 14 Internal links Discovered
390[+] https://www.coyhaique.cl/muni/index.html/../portalmunicipalidad/imagesdis/favicon.ico
391[+] https://www.coyhaique.cl/muni/index.html/presentational-only/presentational-only.css
392[+] https://www.coyhaique.cl/muni/index.html/responsive-full-background-image.css
393[+] https://www.coyhaique.cl/muni/index.html/presentational-only/movil.css
394[+] https://www.coyhaique.cl/muni/index.html/imgefectos/css/demo.css
395[+] https://www.coyhaique.cl/muni/index.html/imgefectos/css/set1.css
396[+] http://www.coyhaique.cl/portalmunicipalidad/index.php
397[+] https://www.coyhaique.cl/portalmunicipalidad/index.php
398[+] http://www.coyhaique.cl/tramitefacil/index.php
399[+] https://www.coyhaique.cl/tramitefacil/index.php
400[+] http://www.coyhaique.cl/portalturismo/index.php
401[+] https://www.coyhaique.cl/portalturismo/index.php
402[+] http://www.culturacoyhaique.cl
403[+] http://www.culturacoyhaique.cl
404--------------------------------------------------
405[!] 8 External links Discovered
406[#] https://www.youtube.com/user/coyhaiquecapital
407[#] http://www.flickr.com/photos/coyhaiquedigital
408[#] https://www.facebook.com/municipalidadcoyhaique
409[#] https://twitter.com/municoyhaique
410[#] http://www.leylobby.gob.cl/instituciones/mu070
411[#] http://datos.gob.cl/organization/municipalidad_de_coyhaique
412[#] https://www.globalsign.com/
413[#] https://www.seguridadamerica.com
414--------------------------------------------------
415[#] Mapping Subdomain..
416[!] Found 4 Subdomain
417- ns1.coyhaique.cl
418- ns2.coyhaique.cl
419- mail.coyhaique.cl
420- webmail.coyhaique.cl
421--------------------------------------------------
422[!] Done At 2020-01-04 21:27:31.980162
423######################################################################################################################################
424[INFO] ------TARGET info------
425[*] TARGET: https://www.coyhaique.cl/muni/index.html
426[*] TARGET IP: 170.246.172.178
427[INFO] NO load balancer detected for www.coyhaique.cl...
428[*] DNS servers: coyhaique.cl.
429[*] TARGET server: Apache
430[*] CC: CL
431[*] Country: Chile
432[*] RegionCode: LI
433[*] RegionName: O'Higgins Region
434[*] City: Santa Cruz
435[*] ASN: AS265656
436[*] BGP_PREFIX: 170.246.172.0/22
437[*] ISP: ANACONDAWEB S.A., CL
438[INFO] SSL/HTTPS certificate detected
439[*] Issuer: issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Extended Validation CA - SHA256 - G3
440[*] Subject: subject=businessCategory = Private Organization, serialNumber = 692403002, jurisdictionC = CL, C = CL, ST = Coyhaique, L = Coyhaique, street = Francisco Bilbao 357, OU = Informatica, O = Municipalidad de Coyhaique, CN = www.coyhaique.cl
441[INFO] DNS enumeration:
442[*] ftp.coyhaique.cl 170.246.172.178
443[*] mail.coyhaique.cl 170.246.172.97
444[*] webmail.coyhaique.cl 170.246.172.97
445[INFO] Possible abuse mails are:
446[*] abuse@coyhaique.cl
447[*] abuse@www.coyhaique.cl
448[*] mcolomera@anacondaweb.com
449[INFO] NO PAC (Proxy Auto Configuration) file FOUND
450[INFO] Checking for HTTP status codes recursively from /muni/index.html
451[INFO] Status code Folders
452[*] 200 http://www.coyhaique.cl/muni/
453[INFO] Starting FUZZing in http://www.coyhaique.cl/FUzZzZzZzZz...
454[INFO] Status code Folders
455[ALERT] Look in the source code. It may contain passwords
456[INFO] Links found from https://www.coyhaique.cl/muni/index.html http://170.246.172.178/:
457[*] http://170.246.172.178/cgi-sys/defaultwebpage.cgi
458[*] http://datos.gob.cl/organization/municipalidad_de_coyhaique
459[*] https://twitter.com/municoyhaique
460[*] https://www.coyhaique.cl/portalmunicipalidad/index.php
461[*] https://www.coyhaique.cl/portalturismo/index.php
462[*] https://www.coyhaique.cl/tramitefacil/index.php
463[*] https://www.facebook.com/municipalidadcoyhaique
464[*] https://www.globalsign.com/
465[*] https://www.seguridadamerica.com/
466[*] https://www.youtube.com/user/coyhaiquecapital
467[*] http://www.coyhaique.cl/portalmunicipalidad/index.php
468[*] http://www.coyhaique.cl/portalturismo/index.php
469[*] http://www.coyhaique.cl/tramitefacil/index.php
470[*] http://www.culturacoyhaique.cl/
471[*] http://www.flickr.com/photos/coyhaiquedigital
472[*] http://www.leylobby.gob.cl/instituciones/mu070
473[*] http://www.portaltransparencia.cl/PortalPdT/pdtta?codOrganismo=MU070
474[*] http://www.portaltransparencia.cl/PortalPdT/web/guest/directorio-de-organismos-regulados?p_p_id=pdtorganismos_WAR_pdtorganismosportlet&orgcode=cf6e67ca3a79c7f2fd42646647787bf8
475cut: intervalle de champ incorrecte
476Saisissez « cut --help » pour plus d'informations.
477[INFO] Shodan detected the following opened ports on 170.246.172.178:
478[*] 0
479[*] 1
480[*] 110
481[*] 143
482[*] 2
483[*] 2082
484[*] 2083
485[*] 2086
486[*] 2087
487[*] 21
488[*] 22
489[*] 3
490[*] 3306
491[*] 4
492[*] 443
493[*] 465
494[*] 53
495[*] 587
496[*] 6
497[*] 80
498[*] 9
499[*] 993
500[*] 995
501[INFO] ------VirusTotal SECTION------
502[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
503[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
504[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
505[INFO] ------Alexa Rank SECTION------
506[INFO] Percent of Visitors Rank in Country:
507[INFO] Percent of Search Traffic:
508[INFO] Percent of Unique Visits:
509[INFO] Total Sites Linking In:
510[*] Total Sites
511[INFO] Useful links related to www.coyhaique.cl - 170.246.172.178:
512[*] https://www.virustotal.com/pt/ip-address/170.246.172.178/information/
513[*] https://www.hybrid-analysis.com/search?host=170.246.172.178
514[*] https://www.shodan.io/host/170.246.172.178
515[*] https://www.senderbase.org/lookup/?search_string=170.246.172.178
516[*] https://www.alienvault.com/open-threat-exchange/ip/170.246.172.178
517[*] http://pastebin.com/search?q=170.246.172.178
518[*] http://urlquery.net/search.php?q=170.246.172.178
519[*] http://www.alexa.com/siteinfo/www.coyhaique.cl
520[*] http://www.google.com/safebrowsing/diagnostic?site=www.coyhaique.cl
521[*] https://censys.io/ipv4/170.246.172.178
522[*] https://www.abuseipdb.com/check/170.246.172.178
523[*] https://urlscan.io/search/#170.246.172.178
524[*] https://github.com/search?q=170.246.172.178&type=Code
525[INFO] Useful links related to AS265656 - 170.246.172.0/22:
526[*] http://www.google.com/safebrowsing/diagnostic?site=AS:265656
527[*] https://www.senderbase.org/lookup/?search_string=170.246.172.0/22
528[*] http://bgp.he.net/AS265656
529[*] https://stat.ripe.net/AS265656
530[INFO] Date: 04/01/20 | Time: 21:28:23
531[INFO] Total time: 1 minute(s) and 24 second(s)
532######################################################################################################################################
533Trying "coyhaique.cl"
534;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4733
535;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 2
536
537;; QUESTION SECTION:
538;coyhaique.cl. IN ANY
539
540;; ANSWER SECTION:
541coyhaique.cl. 14400 IN TXT "v=spf1 +a +mx +ip4:170.246.172.178 ~all"
542coyhaique.cl. 300 IN MX 0 mail.coyhaique.cl.
543coyhaique.cl. 300 IN SOA dns1.coyhaique.cl. root.host-170-246-172-178.anacondaweb.com. 2019122005 3600 1800 1209600 86400
544coyhaique.cl. 300 IN A 170.246.172.178
545coyhaique.cl. 300 IN NS dns1.coyhaique.cl.
546coyhaique.cl. 300 IN NS dns2.coyhaique.cl.
547
548;; ADDITIONAL SECTION:
549dns2.coyhaique.cl. 3599 IN A 170.246.172.178
550dns1.coyhaique.cl. 3599 IN A 170.246.172.178
551
552Received 266 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 1478 ms
553######################################################################################################################################
554
555; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace coyhaique.cl any
556;; global options: +cmd
557. 81806 IN NS c.root-servers.net.
558. 81806 IN NS i.root-servers.net.
559. 81806 IN NS l.root-servers.net.
560. 81806 IN NS m.root-servers.net.
561. 81806 IN NS b.root-servers.net.
562. 81806 IN NS h.root-servers.net.
563. 81806 IN NS k.root-servers.net.
564. 81806 IN NS a.root-servers.net.
565. 81806 IN NS d.root-servers.net.
566. 81806 IN NS e.root-servers.net.
567. 81806 IN NS f.root-servers.net.
568. 81806 IN NS j.root-servers.net.
569. 81806 IN NS g.root-servers.net.
570. 81806 IN RRSIG NS 8 0 518400 20200117200000 20200104190000 33853 . kMi2mZzQjbKFx893b4YE9E45mUx9+GF+PtH7CC8ggigx3Z6Oo2jf70IL gYE9g+UcUF7XU240hRvzAgA4n1gkCQXlrQ1zhtFnHkk4QbsX7/v+N1dB viDPyJB37Q91OFdGv5jKPeWNkfqVdAu4hD/RiDU3PXM7C+pzx/CdXe4n 310Nqi9kTwhu+5mz70mHWctbSJmvsUjFkFQsJgK3Hh875atllBhWToTc s0r0E7q4wFIjAa8e9dNsvjP6YxLAQrORCJJYibTV1BQAEqMX/k/mN0Q4 yZMQ7yc01qUYyVwXzF2VVEby0eznxTBLTTaLOZXYQ4W6hI/uHIOHyDuV hb8Rpg==
571;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 260 ms
572
573cl. 172800 IN NS a.nic.cl.
574cl. 172800 IN NS b.nic.cl.
575cl. 172800 IN NS c.nic.cl.
576cl. 172800 IN NS cl1.dnsnode.net.
577cl. 172800 IN NS cl-ns.anycast.pch.net.
578cl. 172800 IN NS cl1-tld.d-zone.ca.
579cl. 172800 IN NS cl2-tld.d-zone.ca.
580cl. 86400 IN DS 21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB 5370B394
581cl. 86400 IN RRSIG DS 8 1 86400 20200117200000 20200104190000 33853 . lfDOs8NQqSIbjIAK5ZuZJExnTJcXfP1ecAMsTyLo5vLllmm4VLCrG09f 3LRWNyHrhmqoVK2RAkSUaWt61c+tbigCbgYcQIX2rpj7XYh2nu6PWboZ +w1F6CBa//GQKEpQJYhGNWXPn9fg9CDiTbEqwD9ARSIPNYUD83UTMR5M ppc1WQj0oke1mlERYSiw8eii06tphRueyuVeAY4G/BQ7F777fWgwqMer N1tWzGDA9WLfMsU6lqIB0s9S61McxhJQUMGdGqPWUe0G0+NSGi5kK0ql YmtR4W1miEew/4V2M/tgXLGWFS7lrPGvLM8nwAslL0vD1yUwmbvzJtc6 BCaxuw==
582;; Received 822 bytes from 199.7.83.42#53(l.root-servers.net) in 248 ms
583
584coyhaique.cl. 3600 IN NS dns2.coyhaique.cl.
585coyhaique.cl. 3600 IN NS dns1.coyhaique.cl.
586ENJ56T1DNAEJ9QO23NSKLRTIT3RH6A0Q.cl. 900 IN NSEC3 1 1 2 15C4F375A9FC5E8F74D9A3E0646F8B47 ESFL3ESLN592VMME2MBHGQPPJDA7DR6U NS SOA TXT RRSIG DNSKEY NSEC3PARAM
587ENJ56T1DNAEJ9QO23NSKLRTIT3RH6A0Q.cl. 900 IN RRSIG NSEC3 8 2 900 20200217104605 20200105010027 12363 cl. QVsZeJ40UogWLjfQqxFEKJe5gUr3RzDeqn0spMiUZoBFphFCkZeevadO jvQxXGrRRFGlL4fnIO9/gc5cYg/fXEIWzjvOoWGTKUOyAHltbwjLvxEh kP33VlVqe3eqtVOFt6pEx24f4GLSOf9jll5RZVLKVd2jlrUhLhF4nIBd tpQ=
588GASSCLT0MEV32LT359HIB3QJUNT59VR3.cl. 900 IN NSEC3 1 1 2 15C4F375A9FC5E8F74D9A3E0646F8B47 GNFO26SVLFDUL8MNUQTJSEAVHSC67J5A NS DS RRSIG
589GASSCLT0MEV32LT359HIB3QJUNT59VR3.cl. 900 IN RRSIG NSEC3 8 2 900 20200216152230 20200105010027 12363 cl. SVhchf2y7Bj1pV8nw9nIwImA5drdgNfFau7r6f1MdCvNDRD+naxkkfxZ 4YI5oHIwI5hgBp4NgoOZL3w9L265bZYCrPPgssFuPfKzkhsVkJRRoc2u hf1rb3Hn3qStQQgbvnfRaJrUy0FzKZ/CwwU7urmNV4jhQJij4DktAXCr mHQ=
590;; Received 654 bytes from 2001:500:14:6030:ad::1#53(cl-ns.anycast.pch.net) in 26 ms
591
592coyhaique.cl. 300 IN A 170.246.172.178
593coyhaique.cl. 300 IN NS dns2.coyhaique.cl.
594coyhaique.cl. 300 IN NS dns1.coyhaique.cl.
595coyhaique.cl. 300 IN SOA dns1.coyhaique.cl. root.host-170-246-172-178.anacondaweb.com. 2019122005 3600 1800 1209600 86400
596coyhaique.cl. 300 IN MX 0 mail.coyhaique.cl.
597coyhaique.cl. 14400 IN TXT "v=spf1 +a +mx +ip4:170.246.172.178 ~all"
598;; Received 293 bytes from 170.246.172.178#53(dns1.coyhaique.cl) in 415 ms
599######################################################################################################################################
600[*] Performing General Enumeration of Domain: coyhaique.cl
601[-] DNSSEC is not configured for coyhaique.cl
602[*] SOA dns1.coyhaique.cl 170.246.172.178
603[*] NS dns1.coyhaique.cl 170.246.172.178
604[*] Bind Version for 170.246.172.178 PowerDNS Authoritative Server 4.1.10 (built Sep 4 2019 10:30:59 by root@rpmbuild-64-centos-7.dev.cpanel.net)
605[*] NS dns2.coyhaique.cl 170.246.172.178
606[*] Bind Version for 170.246.172.178 PowerDNS Authoritative Server 4.1.10 (built Sep 4 2019 10:30:59 by root@rpmbuild-64-centos-7.dev.cpanel.net)
607[*] MX mail.coyhaique.cl 170.246.172.97
608[*] A coyhaique.cl 170.246.172.178
609[*] TXT coyhaique.cl v=spf1 +a +mx +ip4:170.246.172.178 ~all
610[*] Enumerating SRV Records
611[-] No SRV Records Found for coyhaique.cl
612[+] 0 Records Found
613######################################################################################################################################
614[*] Processing domain coyhaique.cl
615[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:698:724f:b8ff:fefd:5b6a', '192.168.0.1']
616[+] Getting nameservers
617170.246.172.178 - dns1.coyhaique.cl
618170.246.172.178 - dns2.coyhaique.cl
619[-] Zone transfer failed
620
621[+] TXT records found
622"v=spf1 +a +mx +ip4:170.246.172.178 ~all"
623
624[+] MX records found, added to target list
6250 mail.coyhaique.cl.
626
627[*] Scanning coyhaique.cl for A records
628170.246.172.178 - coyhaique.cl
629170.246.172.178 - cpanel.coyhaique.cl
630170.246.172.178 - dns1.coyhaique.cl
631170.246.172.178 - dns2.coyhaique.cl
632170.246.172.178 - ftp.coyhaique.cl
633170.246.172.97 - mail.coyhaique.cl
634170.246.172.97 - webmail.coyhaique.cl
635170.246.172.178 - webdisk.coyhaique.cl
636170.246.172.178 - whm.coyhaique.cl
637170.246.172.178 - www.coyhaique.cl
638######################################################################################################################################
639
640 AVAILABLE PLUGINS
641 -----------------
642
643 RobotPlugin
644 EarlyDataPlugin
645 CertificateInfoPlugin
646 OpenSslCcsInjectionPlugin
647 SessionResumptionPlugin
648 SessionRenegotiationPlugin
649 HeartbleedPlugin
650 CompressionPlugin
651 FallbackScsvPlugin
652 OpenSslCipherSuitesPlugin
653 HttpHeadersPlugin
654
655
656
657 CHECKING HOST(S) AVAILABILITY
658 -----------------------------
659
660 170.246.172.178:443 => 170.246.172.178
661
662
663
664
665 SCAN RESULTS FOR 170.246.172.178:443 - 170.246.172.178
666 ------------------------------------------------------
667
668 * Deflate Compression:
669 OK - Compression disabled
670
671 * TLSV1 Cipher Suites:
672 Server rejected all cipher suites.
673
674 * TLSV1_1 Cipher Suites:
675 Server rejected all cipher suites.
676
677 * SSLV2 Cipher Suites:
678 Server rejected all cipher suites.
679
680 * OpenSSL CCS Injection:
681 OK - Not vulnerable to OpenSSL CCS injection
682
683 * SSLV3 Cipher Suites:
684 Server rejected all cipher suites.
685
686 * Certificate Information:
687 Content
688 SHA1 Fingerprint: 28112a7fca96f8c39ca0ccc9da5509b448b55948
689 Common Name: www.coyhaique.cl
690 Issuer: GlobalSign Extended Validation CA - SHA256 - G3
691 Serial Number: 35858082908466434583125721550
692 Not Before: 2018-04-06 20:06:03
693 Not After: 2020-04-06 20:06:03
694 Signature Algorithm: sha256
695 Public Key Algorithm: RSA
696 Key Size: 2048
697 Exponent: 65537 (0x10001)
698 DNS Subject Alternative Names: ['www.coyhaique.cl', 'coyhaique.cl']
699
700 Trust
701 Hostname Validation: FAILED - Certificate does NOT match 170.246.172.178
702 Android CA Store (9.0.0_r9): OK - Certificate is trusted
703 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
704 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
705 Mozilla CA Store (2019-03-14): OK - Certificate is trusted, Extended Validation
706 Windows CA Store (2019-05-27): OK - Certificate is trusted
707 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
708 Received Chain: www.coyhaique.cl --> GlobalSign Extended Validation CA - SHA256 - G3
709 Verified Chain: www.coyhaique.cl --> GlobalSign Extended Validation CA - SHA256 - G3 --> GlobalSign
710 Received Chain Contains Anchor: OK - Anchor certificate not sent
711 Received Chain Order: OK - Order is valid
712 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
713
714 Extensions
715 OCSP Must-Staple: NOT SUPPORTED - Extension not found
716 Certificate Transparency: OK - 3 SCTs included
717
718 OCSP Stapling
719 OCSP Response Status: successful
720 Validation w/ Mozilla Store: OK - Response is trusted
721 Responder Id: E2F07AE356B24498C382E97E9F4333AC74B7773D
722 Cert Status: good
723 Cert Serial Number: 73DD1C6986B727208E1A81CE
724 This Update: Jan 5 01:31:53 2020 GMT
725 Next Update: Jan 9 01:31:53 2020 GMT
726
727 * Session Renegotiation:
728 Client-initiated Renegotiation: OK - Rejected
729 Secure Renegotiation: OK - Supported
730
731 * TLS 1.2 Session Resumption Support:
732 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
733 With TLS Tickets: OK - Supported
734
735 * ROBOT Attack:
736 OK - Not vulnerable, RSA cipher suites not supported
737
738 * TLSV1_3 Cipher Suites:
739 Server rejected all cipher suites.
740
741 * Downgrade Attacks:
742 TLS_FALLBACK_SCSV: OK - Supported
743
744 * OpenSSL Heartbleed:
745 OK - Not vulnerable to Heartbleed
746
747 * TLSV1_2 Cipher Suites:
748 Forward Secrecy OK - Supported
749 RC4 OK - Not Supported
750
751 Preferred:
752 None - Server followed client cipher suite preference.
753 Accepted:
754 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
755 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
756 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
757 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
758
759
760 SCAN COMPLETED IN 30.52 S
761 -------------------------
762#######################################################################################################################################
763
764Domains still to check: 1
765 Checking if the hostname coyhaique.cl. given is in fact a domain...
766
767Analyzing domain: coyhaique.cl.
768 Checking NameServers using system default resolver...
769 IP: 170.246.172.178 (Chile)
770 HostName: dns1.coyhaique.cl Type: NS
771 HostName: host-170-246-172-178.anacondaweb.com Type: PTR
772 IP: 170.246.172.178 (Chile)
773 HostName: dns1.coyhaique.cl Type: NS
774 HostName: host-170-246-172-178.anacondaweb.com Type: PTR
775 HostName: dns2.coyhaique.cl Type: NS
776
777 Checking MailServers using system default resolver...
778 IP: 170.246.172.97 (Chile)
779 HostName: mail.coyhaique.cl Type: MX
780 HostName: host-170-246-172-97.anacondaweb.com Type: PTR
781
782 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
783 No zone transfer found on nameserver 170.246.172.178
784 No zone transfer found on nameserver 170.246.172.178
785
786 Checking SPF record...
787
788 Checking 192 most common hostnames using system default resolver...
789 IP: 170.246.172.178 (Chile)
790 HostName: dns1.coyhaique.cl Type: NS
791 HostName: host-170-246-172-178.anacondaweb.com Type: PTR
792 HostName: dns2.coyhaique.cl Type: NS
793 Type: SPF
794 HostName: www.coyhaique.cl. Type: A
795 IP: 170.246.172.178 (Chile)
796 HostName: dns1.coyhaique.cl Type: NS
797 HostName: host-170-246-172-178.anacondaweb.com Type: PTR
798 HostName: dns2.coyhaique.cl Type: NS
799 Type: SPF
800 HostName: www.coyhaique.cl. Type: A
801 HostName: ftp.coyhaique.cl. Type: A
802 IP: 170.246.172.97 (Chile)
803 HostName: mail.coyhaique.cl Type: MX
804 HostName: host-170-246-172-97.anacondaweb.com Type: PTR
805 HostName: mail.coyhaique.cl. Type: A
806 IP: 170.246.172.97 (Chile)
807 HostName: mail.coyhaique.cl Type: MX
808 HostName: host-170-246-172-97.anacondaweb.com Type: PTR
809 HostName: mail.coyhaique.cl. Type: A
810 HostName: webmail.coyhaique.cl. Type: A
811
812 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
813 Checking netblock 170.246.172.0
814
815 Searching for coyhaique.cl. emails in Google
816 hualaalcalde@coyhaique.cl
817 turismo@coyhaique.cl.
818
819 Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
820 Host 170.246.172.97 is up (reset ttl 64)
821 Host 170.246.172.178 is up (reset ttl 64)
822
823 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
824 Scanning ip 170.246.172.97 (webmail.coyhaique.cl.):
825 21/tcp open ftp syn-ack ttl 53 Pure-FTPd
826 | ssl-cert: Subject: commonName=host-170-246-172-97.anacondaweb.com
827 | Subject Alternative Name: DNS:host-170-246-172-97.anacondaweb.com, DNS:www.host-170-246-172-97.anacondaweb.com
828 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
829 | Public Key type: rsa
830 | Public Key bits: 2048
831 | Signature Algorithm: sha256WithRSAEncryption
832 | Not valid before: 2019-11-25T00:00:00
833 | Not valid after: 2020-11-24T23:59:59
834 | MD5: cae5 cb8f dce3 5d1d e617 6a9a b1d0 f22a
835 |_SHA-1: a633 dd63 1989 31f7 5cfe bdf2 27ff c4aa 4e12 8d22
836 |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
837 53/tcp open domain syn-ack ttl 53 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
838 | dns-nsid:
839 |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
840 80/tcp open http syn-ack ttl 53 Apache httpd
841 | http-methods:
842 |_ Supported Methods: GET POST OPTIONS HEAD
843 |_http-server-header: Apache
844 |_http-title: Site doesn't have a title (text/html).
845 110/tcp open pop3 syn-ack ttl 53 Dovecot pop3d
846 |_pop3-capabilities: UIDL RESP-CODES USER SASL(PLAIN LOGIN) STLS TOP PIPELINING CAPA AUTH-RESP-CODE
847 |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
848 143/tcp open imap syn-ack ttl 53 Dovecot imapd
849 |_imap-capabilities: STARTTLS SASL-IR Pre-login post-login AUTH=PLAIN have ENABLE more IMAP4rev1 AUTH=LOGINA0001 capabilities IDLE LITERAL+ NAMESPACE listed LOGIN-REFERRALS OK ID
850 |_ssl-date: 2020-01-05T02:36:36+00:00; -3s from scanner time.
851 443/tcp open ssl/http syn-ack ttl 53 Apache httpd
852 | http-methods:
853 |_ Supported Methods: GET HEAD POST OPTIONS
854 |_http-server-header: Apache
855 |_http-title: Index of /
856 | ssl-cert: Subject: commonName=mail.coyhaique.cl
857 | Subject Alternative Name: DNS:mail.coyhaique.cl, DNS:webmail.coyhaique.cl
858 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
859 | Public Key type: rsa
860 | Public Key bits: 2048
861 | Signature Algorithm: sha256WithRSAEncryption
862 | Not valid before: 2019-10-29T00:00:00
863 | Not valid after: 2020-01-27T23:59:59
864 | MD5: 2920 61b1 6819 722e 0ef7 a611 c96e bcaa
865 |_SHA-1: fa86 df74 5bc9 6a1a 2cf2 7141 f279 b704 d14a 54dc
866 |_ssl-date: TLS randomness does not represent time
867 | tls-alpn:
868 |_ http/1.1
869 465/tcp open ssl/smtp syn-ack ttl 53 Exim smtpd 4.92
870 |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
871 | ssl-cert: Subject: commonName=host-170-246-172-97.anacondaweb.com
872 | Subject Alternative Name: DNS:host-170-246-172-97.anacondaweb.com, DNS:www.host-170-246-172-97.anacondaweb.com
873 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
874 | Public Key type: rsa
875 | Public Key bits: 2048
876 | Signature Algorithm: sha256WithRSAEncryption
877 | Not valid before: 2019-11-25T00:00:00
878 | Not valid after: 2020-11-24T23:59:59
879 | MD5: cae5 cb8f dce3 5d1d e617 6a9a b1d0 f22a
880 |_SHA-1: a633 dd63 1989 31f7 5cfe bdf2 27ff c4aa 4e12 8d22
881 |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
882 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
883 | smtp-commands: host-170-246-172-97.anacondaweb.com Hello nmap.scanme.org [104.245.145.183], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
884 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
885 | ssl-cert: Subject: commonName=host-170-246-172-97.anacondaweb.com
886 | Subject Alternative Name: DNS:host-170-246-172-97.anacondaweb.com, DNS:www.host-170-246-172-97.anacondaweb.com
887 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
888 | Public Key type: rsa
889 | Public Key bits: 2048
890 | Signature Algorithm: sha256WithRSAEncryption
891 | Not valid before: 2019-11-25T00:00:00
892 | Not valid after: 2020-11-24T23:59:59
893 | MD5: cae5 cb8f dce3 5d1d e617 6a9a b1d0 f22a
894 |_SHA-1: a633 dd63 1989 31f7 5cfe bdf2 27ff c4aa 4e12 8d22
895 |_ssl-date: 2020-01-05T02:36:37+00:00; -2s from scanner time.
896 993/tcp open ssl/imaps? syn-ack ttl 53
897 |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
898 995/tcp open ssl/pop3s? syn-ack ttl 53
899 |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
900 3306/tcp open mysql syn-ack ttl 53 MySQL (unauthorized)
901 Device type: general purpose|storage-misc|media device|WAP
902 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
903 OS Info: Service Info: Host: host-170-246-172-97.anacondaweb.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
904 |_clock-skew: mean: -2s, deviation: 0s, median: -2s
905 Scanning ip 170.246.172.178 (ftp.coyhaique.cl.):
906 21/tcp open ftp syn-ack ttl 53 Pure-FTPd
907 | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
908 | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
909 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
910 | Public Key type: rsa
911 | Public Key bits: 2048
912 | Signature Algorithm: sha256WithRSAEncryption
913 | Not valid before: 2019-12-11T00:00:00
914 | Not valid after: 2020-12-10T23:59:59
915 | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
916 |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
917 |_ssl-date: TLS randomness does not represent time
918 22/tcp open ssh syn-ack ttl 53 OpenSSH 7.4 (protocol 2.0)
919 | ssh-hostkey:
920 | 2048 aa:1d:e3:0d:56:17:88:a2:ea:4c:19:42:db:7a:b1:a3 (RSA)
921 | 256 40:6a:93:21:f9:9f:b9:9e:0c:99:93:9a:9f:ce:ac:80 (ECDSA)
922 |_ 256 3c:d4:65:67:ec:1a:07:96:d5:e6:4b:6e:85:dc:60:e7 (ED25519)
923 53/tcp open domain syn-ack ttl 53 PowerDNS Authoritative Server 4.1.10
924 | dns-nsid:
925 | NSID: host-170-246-172-178.anacondaweb.com (686f73742d3137302d3234362d3137322d3137382e616e61636f6e64617765622e636f6d)
926 | id.server: host-170-246-172-178.anacondaweb.com
927 |_ bind.version: PowerDNS Authoritative Server 4.1.10 (built Sep 4 2019 10:30:59 by root@rpmbuild-64-centos-7.dev.cpanel.net)
928 80/tcp open http syn-ack ttl 53 Apache httpd
929 | http-methods:
930 |_ Supported Methods: POST OPTIONS HEAD GET
931 |_http-server-header: Apache
932 |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
933 110/tcp open pop3 syn-ack ttl 53 Dovecot pop3d
934 |_pop3-capabilities: CAPA AUTH-RESP-CODE TOP RESP-CODES SASL(PLAIN LOGIN) STLS PIPELINING USER UIDL
935 | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
936 | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
937 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
938 | Public Key type: rsa
939 | Public Key bits: 2048
940 | Signature Algorithm: sha256WithRSAEncryption
941 | Not valid before: 2019-12-11T00:00:00
942 | Not valid after: 2020-12-10T23:59:59
943 | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
944 |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
945 143/tcp open imap syn-ack ttl 53 Dovecot imapd
946 |_imap-capabilities: capabilities Pre-login AUTH=PLAIN NAMESPACE post-login ENABLE IMAP4rev1 LITERAL+ IDLE more have LOGIN-REFERRALS STARTTLS ID listed OK AUTH=LOGINA0001 SASL-IR
947 | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
948 | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
949 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
950 | Public Key type: rsa
951 | Public Key bits: 2048
952 | Signature Algorithm: sha256WithRSAEncryption
953 | Not valid before: 2019-12-11T00:00:00
954 | Not valid after: 2020-12-10T23:59:59
955 | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
956 |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
957 443/tcp open ssl/http syn-ack ttl 53 Apache httpd
958 | http-methods:
959 |_ Supported Methods: POST OPTIONS HEAD GET
960 |_http-server-header: Apache
961 |_http-title: Municipalidad de Coyhaique
962 | ssl-cert: Subject: commonName=www.coyhaique.cl/organizationName=Municipalidad de Coyhaique/stateOrProvinceName=Coyhaique/countryName=CL
963 | Subject Alternative Name: DNS:www.coyhaique.cl, DNS:coyhaique.cl
964 | Issuer: commonName=GlobalSign Extended Validation CA - SHA256 - G3/organizationName=GlobalSign nv-sa/countryName=BE
965 | Public Key type: rsa
966 | Public Key bits: 2048
967 | Signature Algorithm: sha256WithRSAEncryption
968 | Not valid before: 2018-04-06T20:06:03
969 | Not valid after: 2020-04-06T20:06:03
970 | MD5: 376a 777c d958 d12f 5bd6 844b 77bb 7e42
971 |_SHA-1: 2811 2a7f ca96 f8c3 9ca0 ccc9 da55 09b4 48b5 5948
972 465/tcp open ssl/smtp syn-ack ttl 53 Exim smtpd 4.92
973 | smtp-commands: host-170-246-172-178.anacondaweb.com Hello nmap.scanme.org [104.245.145.183], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
974 |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
975 | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
976 | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
977 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
978 | Public Key type: rsa
979 | Public Key bits: 2048
980 | Signature Algorithm: sha256WithRSAEncryption
981 | Not valid before: 2019-12-11T00:00:00
982 | Not valid after: 2020-12-10T23:59:59
983 | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
984 |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
985 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
986 | smtp-commands: host-170-246-172-178.anacondaweb.com Hello nmap.scanme.org [104.245.145.183], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
987 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
988 | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
989 | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
990 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
991 | Public Key type: rsa
992 | Public Key bits: 2048
993 | Signature Algorithm: sha256WithRSAEncryption
994 | Not valid before: 2019-12-11T00:00:00
995 | Not valid after: 2020-12-10T23:59:59
996 | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
997 |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
998 993/tcp open imaps? syn-ack ttl 53
999 |_imap-capabilities: capabilities Pre-login AUTH=PLAIN NAMESPACE post-login ENABLE IMAP4rev1 LITERAL+ IDLE more LOGIN-REFERRALS have ID listed AUTH=LOGINA0001 OK SASL-IR
1000 | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
1001 | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
1002 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1003 | Public Key type: rsa
1004 | Public Key bits: 2048
1005 | Signature Algorithm: sha256WithRSAEncryption
1006 | Not valid before: 2019-12-11T00:00:00
1007 | Not valid after: 2020-12-10T23:59:59
1008 | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
1009 |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
1010 995/tcp open pop3s? syn-ack ttl 53
1011 |_pop3-capabilities: TOP RESP-CODES CAPA SASL(PLAIN LOGIN) AUTH-RESP-CODE PIPELINING USER UIDL
1012 | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
1013 | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
1014 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1015 | Public Key type: rsa
1016 | Public Key bits: 2048
1017 | Signature Algorithm: sha256WithRSAEncryption
1018 | Not valid before: 2019-12-11T00:00:00
1019 | Not valid after: 2020-12-10T23:59:59
1020 | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
1021 |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
1022 3306/tcp open mysql syn-ack ttl 53 MySQL (unauthorized)
1023 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
1024 OS Info: Service Info: Host: host-170-246-172-178.anacondaweb.com
1025 WebCrawling domain's web servers... up to 50 max links.
1026
1027 + URL to crawl: http://mail.coyhaique.cl
1028 + Date: 2020-01-04
1029
1030 + Crawling URL: http://mail.coyhaique.cl:
1031 + Links:
1082 + Searching for directories...
1100 + Searching open folders...
1134 + Crawling directories with indexing:
1151 + Crawling directories with indexing finished
1152 + Crawl finished successfully.
1153----------------------------------------------------------------------
1154Summary of http://http://mail.coyhaique.cl
1155----------------------------------------------------------------------
1156+ Links crawled:
1223 Total links crawled: 66
1224
1225+ Links to files found:
1226 Total links to files: 0
1227
1228+ Externals links found:
1229 Total external links: 0
1230
1231+ Email addresses found:
1232 Total email address found: 0
1233
1234+ Directories found:
1252 Total directories: 17
1253
1254+ Directory indexing found:
1271 Total directories with indexing: 16
1272
1273----------------------------------------------------------------------
1274
1275
1276 + URL to crawl: http://mail.coyhaique.cl.
1277 + Date: 2020-01-04
1278
1279 + Crawling URL: http://mail.coyhaique.cl.:
1280 + Links:
1331 + Searching for directories...
1349 + Searching open folders...
1383 + Crawling directories with indexing:
1400 + Crawling directories with indexing finished
1401 + Crawl finished successfully.
1402----------------------------------------------------------------------
1403Summary of http://http://mail.coyhaique.cl.
1404----------------------------------------------------------------------
1405+ Links crawled:
1472 Total links crawled: 66
1473
1474+ Links to files found:
1475 Total links to files: 0
1476
1477+ Externals links found:
1478 Total external links: 0
1479
1480+ Email addresses found:
1481 Total email address found: 0
1482
1483+ Directories found:
1484 - http://mail.coyhaique.cl./?C=D;O=A/
1485 - http://mail.coyhaique.cl./?C=D;O=A/cgi-bin/
1486 - http://mail.coyhaique.cl./?C=M;O=A/
1487 - http://mail.coyhaique.cl./?C=M;O=A/cgi-bin/
1488 - http://mail.coyhaique.cl./?C=N;O=D/
1489 - http://mail.coyhaique.cl./?C=N;O=D/?C=D;O=A/
1490 - http://mail.coyhaique.cl./?C=N;O=D/?C=D;O=A/cgi-bin/
1491 - http://mail.coyhaique.cl./?C=N;O=D/?C=M;O=A/
1492 - http://mail.coyhaique.cl./?C=N;O=D/?C=M;O=A/cgi-bin/
1493 - http://mail.coyhaique.cl./?C=N;O=D/?C=N;O=A/
1494 - http://mail.coyhaique.cl./?C=N;O=D/?C=N;O=A/cgi-bin/
1495 - http://mail.coyhaique.cl./?C=N;O=D/?C=S;O=A/
1496 - http://mail.coyhaique.cl./?C=N;O=D/?C=S;O=A/cgi-bin/
1497 - http://mail.coyhaique.cl./?C=N;O=D/cgi-bin/
1498 - http://mail.coyhaique.cl./?C=S;O=A/
1499 - http://mail.coyhaique.cl./?C=S;O=A/cgi-bin/
1500 - http://mail.coyhaique.cl./cgi-bin/ (403 Forbidden)
1501 Total directories: 17
1502
1503+ Directory indexing found:
1504 - http://mail.coyhaique.cl./?C=D;O=A/
1505 - http://mail.coyhaique.cl./?C=D;O=A/cgi-bin/
1506 - http://mail.coyhaique.cl./?C=M;O=A/
1507 - http://mail.coyhaique.cl./?C=M;O=A/cgi-bin/
1508 - http://mail.coyhaique.cl./?C=N;O=D/
1509 - http://mail.coyhaique.cl./?C=N;O=D/?C=D;O=A/
1510 - http://mail.coyhaique.cl./?C=N;O=D/?C=D;O=A/cgi-bin/
1511 - http://mail.coyhaique.cl./?C=N;O=D/?C=M;O=A/
1512 - http://mail.coyhaique.cl./?C=N;O=D/?C=M;O=A/cgi-bin/
1513 - http://mail.coyhaique.cl./?C=N;O=D/?C=N;O=A/
1514 - http://mail.coyhaique.cl./?C=N;O=D/?C=N;O=A/cgi-bin/
1515 - http://mail.coyhaique.cl./?C=N;O=D/?C=S;O=A/
1516 - http://mail.coyhaique.cl./?C=N;O=D/?C=S;O=A/cgi-bin/
1517 - http://mail.coyhaique.cl./?C=N;O=D/cgi-bin/
1518 - http://mail.coyhaique.cl./?C=S;O=A/
1519 - http://mail.coyhaique.cl./?C=S;O=A/cgi-bin/
1520 Total directories with indexing: 16
1521
1522----------------------------------------------------------------------
1523
1524
1525 + URL to crawl: http://webmail.coyhaique.cl.
1526 + Date: 2020-01-04
1527
1528 + Crawling URL: http://webmail.coyhaique.cl.:
1529 + Links:
1530 + Crawling http://webmail.coyhaique.cl.
1531 + Searching for directories...
1532 + Searching open folders...
1533
1534
1535 + URL to crawl: https://mail.coyhaique.cl
1536 + Date: 2020-01-04
1537
1538 + Crawling URL: https://mail.coyhaique.cl:
1539 + Links:
1540 + Crawling https://mail.coyhaique.cl
1590 + Searching for directories...
1608 + Searching open folders...
1642 + Crawling directories with indexing:
1659 + Crawling directories with indexing finished
1660 + Crawl finished successfully.
1661----------------------------------------------------------------------
1662Summary of https://https://mail.coyhaique.cl
1663----------------------------------------------------------------------
1664+ Links crawled:
1731 Total links crawled: 66
1732
1733+ Links to files found:
1734 Total links to files: 0
1735
1736+ Externals links found:
1737 Total external links: 0
1738
1739+ Email addresses found:
1740 Total email address found: 0
1741
1742+ Directories found:
1743 - https://mail.coyhaique.cl/?C=D;O=A/
1744 - https://mail.coyhaique.cl/?C=D;O=A/cgi-bin/
1745 - https://mail.coyhaique.cl/?C=M;O=A/
1746 - https://mail.coyhaique.cl/?C=M;O=A/cgi-bin/
1747 - https://mail.coyhaique.cl/?C=N;O=D/
1748 - https://mail.coyhaique.cl/?C=N;O=D/?C=D;O=A/
1749 - https://mail.coyhaique.cl/?C=N;O=D/?C=D;O=A/cgi-bin/
1750 - https://mail.coyhaique.cl/?C=N;O=D/?C=M;O=A/
1751 - https://mail.coyhaique.cl/?C=N;O=D/?C=M;O=A/cgi-bin/
1752 - https://mail.coyhaique.cl/?C=N;O=D/?C=N;O=A/
1753 - https://mail.coyhaique.cl/?C=N;O=D/?C=N;O=A/cgi-bin/
1754 - https://mail.coyhaique.cl/?C=N;O=D/?C=S;O=A/
1755 - https://mail.coyhaique.cl/?C=N;O=D/?C=S;O=A/cgi-bin/
1756 - https://mail.coyhaique.cl/?C=N;O=D/cgi-bin/
1757 - https://mail.coyhaique.cl/?C=S;O=A/
1758 - https://mail.coyhaique.cl/?C=S;O=A/cgi-bin/
1759 - https://mail.coyhaique.cl/cgi-bin/ (403 Forbidden)
1760 Total directories: 17
1761
1762+ Directory indexing found:
1763 - https://mail.coyhaique.cl/?C=D;O=A/
1764 - https://mail.coyhaique.cl/?C=D;O=A/cgi-bin/
1765 - https://mail.coyhaique.cl/?C=M;O=A/
1766 - https://mail.coyhaique.cl/?C=M;O=A/cgi-bin/
1767 - https://mail.coyhaique.cl/?C=N;O=D/
1768 - https://mail.coyhaique.cl/?C=N;O=D/?C=D;O=A/
1769 - https://mail.coyhaique.cl/?C=N;O=D/?C=D;O=A/cgi-bin/
1770 - https://mail.coyhaique.cl/?C=N;O=D/?C=M;O=A/
1771 - https://mail.coyhaique.cl/?C=N;O=D/?C=M;O=A/cgi-bin/
1772 - https://mail.coyhaique.cl/?C=N;O=D/?C=N;O=A/
1773 - https://mail.coyhaique.cl/?C=N;O=D/?C=N;O=A/cgi-bin/
1774 - https://mail.coyhaique.cl/?C=N;O=D/?C=S;O=A/
1775 - https://mail.coyhaique.cl/?C=N;O=D/?C=S;O=A/cgi-bin/
1776 - https://mail.coyhaique.cl/?C=N;O=D/cgi-bin/
1777 - https://mail.coyhaique.cl/?C=S;O=A/
1778 - https://mail.coyhaique.cl/?C=S;O=A/cgi-bin/
1779 Total directories with indexing: 16
1780
1781----------------------------------------------------------------------
1782
1783
1784 + URL to crawl: https://mail.coyhaique.cl.
1785 + Date: 2020-01-04
1786
1787 + Crawling URL: https://mail.coyhaique.cl.:
1788 + Links:
1789 + Crawling https://mail.coyhaique.cl.
1790 + Searching for directories...
1791 + Searching open folders...
1792
1793
1794 + URL to crawl: https://webmail.coyhaique.cl.
1795 + Date: 2020-01-04
1796
1797 + Crawling URL: https://webmail.coyhaique.cl.:
1798 + Links:
1799 + Crawling https://webmail.coyhaique.cl.
1800 + Searching for directories...
1801 + Searching open folders...
1802
1803
1804 + URL to crawl: http://dns2.coyhaique.cl
1805 + Date: 2020-01-04
1806
1807 + Crawling URL: http://dns2.coyhaique.cl:
1808 + Links:
1809 + Crawling http://dns2.coyhaique.cl (timed out)
1810 + Searching for directories...
1811 + Searching open folders...
1812
1813
1814 + URL to crawl: http://www.coyhaique.cl.
1815 + Date: 2020-01-04
1816
1817 + Crawling URL: http://www.coyhaique.cl.:
1818 + Links:
1819 + Crawling http://www.coyhaique.cl. (timed out)
1820 + Searching for directories...
1821 + Searching open folders...
1822
1823
1824 + URL to crawl: http://dns1.coyhaique.cl
1825 + Date: 2020-01-04
1826
1827 + Crawling URL: http://dns1.coyhaique.cl:
1828 + Links:
1829 + Crawling http://dns1.coyhaique.cl (timed out)
1830 + Searching for directories...
1831 + Searching open folders...
1832
1833
1834 + URL to crawl: http://ftp.coyhaique.cl.
1835 + Date: 2020-01-04
1836
1837 + Crawling URL: http://ftp.coyhaique.cl.:
1838 + Links:
1839 + Crawling http://ftp.coyhaique.cl. (timed out)
1840 + Searching for directories...
1841 + Searching open folders...
1842
1843
1844 + URL to crawl: https://dns2.coyhaique.cl
1845 + Date: 2020-01-04
1846
1847 + Crawling URL: https://dns2.coyhaique.cl:
1848 + Links:
1849 + Crawling https://dns2.coyhaique.cl (timed out)
1850 + Searching for directories...
1851 + Searching open folders...
1852
1853
1854 + URL to crawl: https://www.coyhaique.cl.
1855 + Date: 2020-01-04
1856
1857 + Crawling URL: https://www.coyhaique.cl.:
1858 + Links:
1859 + Crawling https://www.coyhaique.cl. (timed out)
1860 + Searching for directories...
1861 + Searching open folders...
1862
1863
1864 + URL to crawl: https://dns1.coyhaique.cl
1865 + Date: 2020-01-04
1866
1867 + Crawling URL: https://dns1.coyhaique.cl:
1868 + Links:
1869 + Crawling https://dns1.coyhaique.cl (timed out)
1870 + Searching for directories...
1871 + Searching open folders...
1872
1873
1874 + URL to crawl: https://ftp.coyhaique.cl.
1875 + Date: 2020-01-04
1876
1877 + Crawling URL: https://ftp.coyhaique.cl.:
1878 + Links:
1879 + Crawling https://ftp.coyhaique.cl. (timed out)
1880 + Searching for directories...
1881 + Searching open folders...
1882
1883--Finished--
1884Summary information for domain coyhaique.cl.
1885-----------------------------------------
1886 Domain Specific Information:
1887 Email: hualaalcalde@coyhaique.cl
1888 Email: turismo@coyhaique.cl.
1889
1890 Domain Ips Information:
1891 IP: 170.246.172.97
1892 HostName: mail.coyhaique.cl Type: MX
1893 HostName: host-170-246-172-97.anacondaweb.com Type: PTR
1894 HostName: mail.coyhaique.cl. Type: A
1895 HostName: webmail.coyhaique.cl. Type: A
1896 Country: Chile
1897 Is Active: True (reset ttl 64)
1898 Port: 21/tcp open ftp syn-ack ttl 53 Pure-FTPd
1899 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-97.anacondaweb.com
1900 Script Info: | Subject Alternative Name: DNS:host-170-246-172-97.anacondaweb.com, DNS:www.host-170-246-172-97.anacondaweb.com
1901 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1902 Script Info: | Public Key type: rsa
1903 Script Info: | Public Key bits: 2048
1904 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1905 Script Info: | Not valid before: 2019-11-25T00:00:00
1906 Script Info: | Not valid after: 2020-11-24T23:59:59
1907 Script Info: | MD5: cae5 cb8f dce3 5d1d e617 6a9a b1d0 f22a
1908 Script Info: |_SHA-1: a633 dd63 1989 31f7 5cfe bdf2 27ff c4aa 4e12 8d22
1909 Script Info: |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
1910 Port: 53/tcp open domain syn-ack ttl 53 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1911 Script Info: | dns-nsid:
1912 Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
1913 Port: 80/tcp open http syn-ack ttl 53 Apache httpd
1914 Script Info: | http-methods:
1915 Script Info: |_ Supported Methods: GET POST OPTIONS HEAD
1916 Script Info: |_http-server-header: Apache
1917 Script Info: |_http-title: Site doesn't have a title (text/html).
1918 Port: 110/tcp open pop3 syn-ack ttl 53 Dovecot pop3d
1919 Script Info: |_pop3-capabilities: UIDL RESP-CODES USER SASL(PLAIN LOGIN) STLS TOP PIPELINING CAPA AUTH-RESP-CODE
1920 Script Info: |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
1921 Port: 143/tcp open imap syn-ack ttl 53 Dovecot imapd
1922 Script Info: |_imap-capabilities: STARTTLS SASL-IR Pre-login post-login AUTH=PLAIN have ENABLE more IMAP4rev1 AUTH=LOGINA0001 capabilities IDLE LITERAL+ NAMESPACE listed LOGIN-REFERRALS OK ID
1923 Script Info: |_ssl-date: 2020-01-05T02:36:36+00:00; -3s from scanner time.
1924 Port: 443/tcp open ssl/http syn-ack ttl 53 Apache httpd
1925 Script Info: | http-methods:
1926 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1927 Script Info: |_http-server-header: Apache
1928 Script Info: |_http-title: Index of /
1929 Script Info: | ssl-cert: Subject: commonName=mail.coyhaique.cl
1930 Script Info: | Subject Alternative Name: DNS:mail.coyhaique.cl, DNS:webmail.coyhaique.cl
1931 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1932 Script Info: | Public Key type: rsa
1933 Script Info: | Public Key bits: 2048
1934 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1935 Script Info: | Not valid before: 2019-10-29T00:00:00
1936 Script Info: | Not valid after: 2020-01-27T23:59:59
1937 Script Info: | MD5: 2920 61b1 6819 722e 0ef7 a611 c96e bcaa
1938 Script Info: |_SHA-1: fa86 df74 5bc9 6a1a 2cf2 7141 f279 b704 d14a 54dc
1939 Script Info: |_ssl-date: TLS randomness does not represent time
1940 Script Info: | tls-alpn:
1941 Script Info: |_ http/1.1
1942 Port: 465/tcp open ssl/smtp syn-ack ttl 53 Exim smtpd 4.92
1943 Script Info: |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
1944 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-97.anacondaweb.com
1945 Script Info: | Subject Alternative Name: DNS:host-170-246-172-97.anacondaweb.com, DNS:www.host-170-246-172-97.anacondaweb.com
1946 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1947 Script Info: | Public Key type: rsa
1948 Script Info: | Public Key bits: 2048
1949 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1950 Script Info: | Not valid before: 2019-11-25T00:00:00
1951 Script Info: | Not valid after: 2020-11-24T23:59:59
1952 Script Info: | MD5: cae5 cb8f dce3 5d1d e617 6a9a b1d0 f22a
1953 Script Info: |_SHA-1: a633 dd63 1989 31f7 5cfe bdf2 27ff c4aa 4e12 8d22
1954 Script Info: |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
1955 Port: 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
1956 Script Info: | smtp-commands: host-170-246-172-97.anacondaweb.com Hello nmap.scanme.org [104.245.145.183], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
1957 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1958 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-97.anacondaweb.com
1959 Script Info: | Subject Alternative Name: DNS:host-170-246-172-97.anacondaweb.com, DNS:www.host-170-246-172-97.anacondaweb.com
1960 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1961 Script Info: | Public Key type: rsa
1962 Script Info: | Public Key bits: 2048
1963 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1964 Script Info: | Not valid before: 2019-11-25T00:00:00
1965 Script Info: | Not valid after: 2020-11-24T23:59:59
1966 Script Info: | MD5: cae5 cb8f dce3 5d1d e617 6a9a b1d0 f22a
1967 Script Info: |_SHA-1: a633 dd63 1989 31f7 5cfe bdf2 27ff c4aa 4e12 8d22
1968 Script Info: |_ssl-date: 2020-01-05T02:36:37+00:00; -2s from scanner time.
1969 Port: 993/tcp open ssl/imaps? syn-ack ttl 53
1970 Script Info: |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
1971 Port: 995/tcp open ssl/pop3s? syn-ack ttl 53
1972 Script Info: |_ssl-date: 2020-01-05T02:36:36+00:00; -2s from scanner time.
1973 Port: 3306/tcp open mysql syn-ack ttl 53 MySQL (unauthorized)
1974 Script Info: Device type: general purpose|storage-misc|media device|WAP
1975 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
1976 Os Info: Host: host-170-246-172-97.anacondaweb.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1977 Script Info: |_clock-skew: mean: -2s, deviation: 0s, median: -2s
2058 IP: 170.246.172.178
2059 HostName: dns1.coyhaique.cl Type: NS
2060 HostName: host-170-246-172-178.anacondaweb.com Type: PTR
2061 HostName: dns2.coyhaique.cl Type: NS
2062 Type: SPF
2063 HostName: www.coyhaique.cl. Type: A
2064 HostName: ftp.coyhaique.cl. Type: A
2065 Country: Chile
2066 Is Active: True (reset ttl 64)
2067 Port: 21/tcp open ftp syn-ack ttl 53 Pure-FTPd
2068 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2069 Script Info: | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2070 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
2071 Script Info: | Public Key type: rsa
2072 Script Info: | Public Key bits: 2048
2073 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2074 Script Info: | Not valid before: 2019-12-11T00:00:00
2075 Script Info: | Not valid after: 2020-12-10T23:59:59
2076 Script Info: | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
2077 Script Info: |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
2078 Script Info: |_ssl-date: TLS randomness does not represent time
2079 Port: 22/tcp open ssh syn-ack ttl 53 OpenSSH 7.4 (protocol 2.0)
2080 Script Info: | ssh-hostkey:
2081 Script Info: | 2048 aa:1d:e3:0d:56:17:88:a2:ea:4c:19:42:db:7a:b1:a3 (RSA)
2082 Script Info: | 256 40:6a:93:21:f9:9f:b9:9e:0c:99:93:9a:9f:ce:ac:80 (ECDSA)
2083 Script Info: |_ 256 3c:d4:65:67:ec:1a:07:96:d5:e6:4b:6e:85:dc:60:e7 (ED25519)
2084 Port: 53/tcp open domain syn-ack ttl 53 PowerDNS Authoritative Server 4.1.10
2085 Script Info: | dns-nsid:
2086 Script Info: | NSID: host-170-246-172-178.anacondaweb.com (686f73742d3137302d3234362d3137322d3137382e616e61636f6e64617765622e636f6d)
2087 Script Info: | id.server: host-170-246-172-178.anacondaweb.com
2088 Script Info: |_ bind.version: PowerDNS Authoritative Server 4.1.10 (built Sep 4 2019 10:30:59 by root@rpmbuild-64-centos-7.dev.cpanel.net)
2089 Port: 80/tcp open http syn-ack ttl 53 Apache httpd
2090 Script Info: | http-methods:
2091 Script Info: |_ Supported Methods: POST OPTIONS HEAD GET
2092 Script Info: |_http-server-header: Apache
2093 Script Info: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
2094 Port: 110/tcp open pop3 syn-ack ttl 53 Dovecot pop3d
2095 Script Info: |_pop3-capabilities: CAPA AUTH-RESP-CODE TOP RESP-CODES SASL(PLAIN LOGIN) STLS PIPELINING USER UIDL
2096 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2097 Script Info: | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2098 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
2099 Script Info: | Public Key type: rsa
2100 Script Info: | Public Key bits: 2048
2101 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2102 Script Info: | Not valid before: 2019-12-11T00:00:00
2103 Script Info: | Not valid after: 2020-12-10T23:59:59
2104 Script Info: | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
2105 Script Info: |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
2106 Port: 143/tcp open imap syn-ack ttl 53 Dovecot imapd
2107 Script Info: |_imap-capabilities: capabilities Pre-login AUTH=PLAIN NAMESPACE post-login ENABLE IMAP4rev1 LITERAL+ IDLE more have LOGIN-REFERRALS STARTTLS ID listed OK AUTH=LOGINA0001 SASL-IR
2108 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2109 Script Info: | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2110 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
2111 Script Info: | Public Key type: rsa
2112 Script Info: | Public Key bits: 2048
2113 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2114 Script Info: | Not valid before: 2019-12-11T00:00:00
2115 Script Info: | Not valid after: 2020-12-10T23:59:59
2116 Script Info: | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
2117 Script Info: |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
2118 Port: 443/tcp open ssl/http syn-ack ttl 53 Apache httpd
2119 Script Info: | http-methods:
2120 Script Info: |_ Supported Methods: POST OPTIONS HEAD GET
2121 Script Info: |_http-server-header: Apache
2122 Script Info: |_http-title: Municipalidad de Coyhaique
2123 Script Info: | ssl-cert: Subject: commonName=www.coyhaique.cl/organizationName=Municipalidad de Coyhaique/stateOrProvinceName=Coyhaique/countryName=CL
2124 Script Info: | Subject Alternative Name: DNS:www.coyhaique.cl, DNS:coyhaique.cl
2125 Script Info: | Issuer: commonName=GlobalSign Extended Validation CA - SHA256 - G3/organizationName=GlobalSign nv-sa/countryName=BE
2126 Script Info: | Public Key type: rsa
2127 Script Info: | Public Key bits: 2048
2128 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2129 Script Info: | Not valid before: 2018-04-06T20:06:03
2130 Script Info: | Not valid after: 2020-04-06T20:06:03
2131 Script Info: | MD5: 376a 777c d958 d12f 5bd6 844b 77bb 7e42
2132 Script Info: |_SHA-1: 2811 2a7f ca96 f8c3 9ca0 ccc9 da55 09b4 48b5 5948
2133 Port: 465/tcp open ssl/smtp syn-ack ttl 53 Exim smtpd 4.92
2134 Script Info: | smtp-commands: host-170-246-172-178.anacondaweb.com Hello nmap.scanme.org [104.245.145.183], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
2135 Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2136 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2137 Script Info: | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2138 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
2139 Script Info: | Public Key type: rsa
2140 Script Info: | Public Key bits: 2048
2141 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2142 Script Info: | Not valid before: 2019-12-11T00:00:00
2143 Script Info: | Not valid after: 2020-12-10T23:59:59
2144 Script Info: | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
2145 Script Info: |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
2146 Port: 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
2147 Script Info: | smtp-commands: host-170-246-172-178.anacondaweb.com Hello nmap.scanme.org [104.245.145.183], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
2148 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2149 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2150 Script Info: | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2151 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
2152 Script Info: | Public Key type: rsa
2153 Script Info: | Public Key bits: 2048
2154 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2155 Script Info: | Not valid before: 2019-12-11T00:00:00
2156 Script Info: | Not valid after: 2020-12-10T23:59:59
2157 Script Info: | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
2158 Script Info: |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
2159 Port: 993/tcp open imaps? syn-ack ttl 53
2160 Script Info: |_imap-capabilities: capabilities Pre-login AUTH=PLAIN NAMESPACE post-login ENABLE IMAP4rev1 LITERAL+ IDLE more LOGIN-REFERRALS have ID listed AUTH=LOGINA0001 OK SASL-IR
2161 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2162 Script Info: | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2163 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
2164 Script Info: | Public Key type: rsa
2165 Script Info: | Public Key bits: 2048
2166 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2167 Script Info: | Not valid before: 2019-12-11T00:00:00
2168 Script Info: | Not valid after: 2020-12-10T23:59:59
2169 Script Info: | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
2170 Script Info: |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
2171 Port: 995/tcp open pop3s? syn-ack ttl 53
2172 Script Info: |_pop3-capabilities: TOP RESP-CODES CAPA SASL(PLAIN LOGIN) AUTH-RESP-CODE PIPELINING USER UIDL
2173 Script Info: | ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2174 Script Info: | Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2175 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
2176 Script Info: | Public Key type: rsa
2177 Script Info: | Public Key bits: 2048
2178 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2179 Script Info: | Not valid before: 2019-12-11T00:00:00
2180 Script Info: | Not valid after: 2020-12-10T23:59:59
2181 Script Info: | MD5: e0e8 96b8 df10 7c37 fe5a 88ca 82ca 0056
2182 Script Info: |_SHA-1: d5f1 164d c940 6e7b e4d0 e13c d6b3 bf91 32a1 7546
2183 Port: 3306/tcp open mysql syn-ack ttl 53 MySQL (unauthorized)
2184 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
2185 Os Info: Host: host-170-246-172-178.anacondaweb.com
2282
2283--------------End Summary --------------
2284----------------------------------------
2285######################################################################################################################################
2286traceroute to www.coyhaique.cl (170.246.172.178), 30 hops max, 60 byte packets
2287 1 10.249.204.1 (10.249.204.1) 65.136 ms 138.289 ms 159.557 ms
2288 2 104.245.145.177 (104.245.145.177) 159.554 ms 159.540 ms 159.526 ms
2289 3 te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 159.547 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113) 159.488 ms 159.481 ms
2290 4 te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 159.441 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37) 159.459 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 159.444 ms
2291 5 te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153) 159.394 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246) 159.402 ms 207.968 ms
2292 6 be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126) 207.967 ms 125.392 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 66.101 ms
2293 7 38.88.194.130 (38.88.194.130) 186.545 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246) 186.528 ms be2889.ccr41.jfk02.atlas.cogentco.com (154.54.47.50) 186.504 ms
2294 8 be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126) 186.467 ms 186.443 ms 186.419 ms
2295 9 clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8) 309.619 ms 309.554 ms 309.570 ms
229610 * * 10.10.51.6 (10.10.51.6) 309.511 ms
229711 clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8) 309.471 ms * *
2298#######################################################################################################################################
2299----- coyhaique.cl -----
2300
2301
2302Host's addresses:
2303__________________
2304
2305coyhaique.cl. 300 IN A 170.246.172.178
2306
2307
2308Name Servers:
2309______________
2310
2311dns2.coyhaique.cl. 3032 IN A 170.246.172.178
2312dns1.coyhaique.cl. 3032 IN A 170.246.172.178
2313
2314
2315Mail (MX) Servers:
2316___________________
2317
2318mail.coyhaique.cl. 188 IN A 170.246.172.97
2319
2320
2321
2322
2323Google Results:
2324________________
2325
2326 perhaps Google is blocking our queries.
2327 Check manually.
2328
2329
2330Brute forcing with /usr/share/dnsenum/dns.txt:
2331_______________________________________________
2332
2333dns1.coyhaique.cl. 3003 IN A 170.246.172.178
2334dns2.coyhaique.cl. 3003 IN A 170.246.172.178
2335ftp.coyhaique.cl. 13799 IN A 170.246.172.178
2336mail.coyhaique.cl. 136 IN A 170.246.172.97
2337webmail.coyhaique.cl. 13764 IN A 170.246.172.97
2338www.coyhaique.cl. 13231 IN CNAME coyhaique.cl.
2339coyhaique.cl. 209 IN A 170.246.172.178
2340
2341
2342Launching Whois Queries:
2343_________________________
2344
2345 whois ip result: 170.246.172.0 -> 170.246.172.0/22
2346
2347
2348coyhaique.cl____________
2349
2350 170.246.172.0/22
2351#######################################################################################################################################
2352Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 21:29 EST
2353Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2354Host is up (0.23s latency).
2355Not shown: 431 filtered ports, 33 closed ports
2356Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2357PORT STATE SERVICE VERSION
235821/tcp open ftp Pure-FTPd
2359| ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2360| Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2361| Not valid before: 2019-12-11T00:00:00
2362|_Not valid after: 2020-12-10T23:59:59
2363|_ssl-date: TLS randomness does not represent time
236422/tcp open ssh OpenSSH 7.4 (protocol 2.0)
2365| ssh-hostkey:
2366| 2048 aa:1d:e3:0d:56:17:88:a2:ea:4c:19:42:db:7a:b1:a3 (RSA)
2367| 256 40:6a:93:21:f9:9f:b9:9e:0c:99:93:9a:9f:ce:ac:80 (ECDSA)
2368|_ 256 3c:d4:65:67:ec:1a:07:96:d5:e6:4b:6e:85:dc:60:e7 (ED25519)
236953/tcp open domain PowerDNS Authoritative Server 4.1.10
2370| dns-nsid:
2371| NSID: host-170-246-172-178.anacondaweb.com (686f73742d3137302d3234362d3137322d3137382e616e61636f6e64617765622e636f6d)
2372| id.server: host-170-246-172-178.anacondaweb.com
2373|_ bind.version: PowerDNS Authoritative Server 4.1.10 (built Sep 4 2019 10:30:59 by root@rpmbuild-64-centos-7.dev.cpanel.net)
237480/tcp open http Apache httpd
2375|_http-server-header: Apache
2376|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
2377110/tcp open pop3 Dovecot pop3d
2378|_pop3-capabilities: AUTH-RESP-CODE RESP-CODES TOP USER UIDL CAPA SASL(PLAIN LOGIN) STLS PIPELINING
2379| ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2380| Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2381| Not valid before: 2019-12-11T00:00:00
2382|_Not valid after: 2020-12-10T23:59:59
2383143/tcp open imap Dovecot imapd
2384|_imap-capabilities: Pre-login ID LOGIN-REFERRALS OK AUTH=PLAIN AUTH=LOGINA0001 ENABLE more capabilities LITERAL+ post-login IDLE STARTTLS NAMESPACE listed have SASL-IR IMAP4rev1
2385| ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2386| Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2387| Not valid before: 2019-12-11T00:00:00
2388|_Not valid after: 2020-12-10T23:59:59
2389443/tcp open ssl/http Apache httpd
2390|_http-server-header: Apache
2391|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
2392| ssl-cert: Subject: commonName=www.coyhaique.cl/organizationName=Municipalidad de Coyhaique/stateOrProvinceName=Coyhaique/countryName=CL
2393| Subject Alternative Name: DNS:www.coyhaique.cl, DNS:coyhaique.cl
2394| Not valid before: 2018-04-06T20:06:03
2395|_Not valid after: 2020-04-06T20:06:03
2396465/tcp open ssl/smtp Exim smtpd 4.92
2397| smtp-commands: host-170-246-172-178.anacondaweb.com Hello host-170-246-172-178.anacondaweb.com [104.245.145.183], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
2398|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2399| ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2400| Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2401| Not valid before: 2019-12-11T00:00:00
2402|_Not valid after: 2020-12-10T23:59:59
2403587/tcp open smtp Exim smtpd 4.92
2404| smtp-commands: host-170-246-172-178.anacondaweb.com Hello host-170-246-172-178.anacondaweb.com [104.245.145.183], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
2405|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2406| ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2407| Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2408| Not valid before: 2019-12-11T00:00:00
2409|_Not valid after: 2020-12-10T23:59:59
2410993/tcp open imaps?
2411|_imap-capabilities: Pre-login ID LOGIN-REFERRALS OK AUTH=PLAIN AUTH=LOGINA0001 ENABLE more LITERAL+ listed IDLE IMAP4rev1 NAMESPACE post-login have SASL-IR capabilities
2412| ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2413| Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2414| Not valid before: 2019-12-11T00:00:00
2415|_Not valid after: 2020-12-10T23:59:59
2416995/tcp open pop3s?
2417|_pop3-capabilities: USER UIDL CAPA TOP SASL(PLAIN LOGIN) AUTH-RESP-CODE RESP-CODES PIPELINING
2418| ssl-cert: Subject: commonName=host-170-246-172-178.anacondaweb.com
2419| Subject Alternative Name: DNS:host-170-246-172-178.anacondaweb.com, DNS:www.host-170-246-172-178.anacondaweb.com
2420| Not valid before: 2019-12-11T00:00:00
2421|_Not valid after: 2020-12-10T23:59:59
24223306/tcp open mysql MySQL (unauthorized)
2423Device type: general purpose
2424Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
2425OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4
2426Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 3.10 - 3.12 (87%), Linux 4.4 (87%), Linux 3.10 - 4.11 (86%), Linux 4.9 (85%), Linux 3.2 - 4.9 (85%), Linux 2.6.18 (85%), Linux 3.7 (85%)
2427No exact OS matches for host (test conditions non-ideal).
2428Network Distance: 15 hops
2429
2430TRACEROUTE (using port 587/tcp)
2431HOP RTT ADDRESS
24321 125.44 ms 10.249.204.1
24332 192.18 ms 104.245.145.177
24343 192.21 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
24354 192.22 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
24365 192.22 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
24376 192.23 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
24387 192.24 ms 38.88.194.130
24398 192.25 ms be3362.ccr31.jfk04.atlas.cogentco.com (154.54.3.10)
24409 ... 10
244111 211.24 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
244212 ... 14
244315 395.25 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2444######################################################################################################################################
2445Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 21:30 EST
2446Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2447Host is up (0.23s latency).
2448Not shown: 14 filtered ports, 1 closed port
2449Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2450PORT STATE SERVICE VERSION
245153/tcp open domain PowerDNS Authoritative Server 4.1.10
245253/udp open domain PowerDNS Authoritative Server 4.1.10
2453| dns-nsid:
2454| NSID: host-170-246-172-178.anacondaweb.com (686f73742d3137302d3234362d3137322d3137382e616e61636f6e64617765622e636f6d)
2455| id.server: host-170-246-172-178.anacondaweb.com
2456|_ bind.version: PowerDNS Authoritative Server 4.1.10 (built Sep 4 2019 10:30:59 by root@rpmbuild-64-centos-7.dev.cpanel.net)
245767/udp open|filtered dhcps
245868/udp open|filtered dhcpc
245969/udp open|filtered tftp
246088/udp open|filtered kerberos-sec
2461123/udp open|filtered ntp
2462139/udp open|filtered netbios-ssn
2463161/udp open|filtered snmp
2464162/udp open|filtered snmptrap
2465389/udp open|filtered ldap
2466520/udp open|filtered route
24672049/udp open|filtered nfs
2468Device type: general purpose
2469Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (92%)
2470OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3
2471Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 4.4 (87%), Linux 3.10 - 4.11 (86%), Linux 4.9 (86%), Linux 3.10 - 3.12 (86%), Linux 3.2 - 4.9 (85%), Linux 2.6.18 (85%), Linux 3.7 (85%)
2472No exact OS matches for host (test conditions non-ideal).
2473Network Distance: 13 hops
2474
2475TRACEROUTE (using port 53/tcp)
2476HOP RTT ADDRESS
24771 170.14 ms 10.249.204.1
24782 254.44 ms 104.245.145.177
24793 254.44 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
24804 254.42 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
24815 254.46 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246)
24826 254.48 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
24837 254.47 ms be2889.ccr41.jfk02.atlas.cogentco.com (154.54.47.50)
24848 254.48 ms be3362.ccr31.jfk04.atlas.cogentco.com (154.54.3.10)
24859 242.68 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
248610 254.54 ms 10.10.51.6
248711 ... 12
248813 385.82 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2489######################################################################################################################################
2490Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 21:35 EST
2491NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
2492NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
2493NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
2494Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2495Host is up (0.22s latency).
2496
2497PORT STATE SERVICE VERSION
249821/tcp open ftp Pure-FTPd
2499| ftp-brute:
2500| Accounts: No valid accounts found
2501|_ Statistics: Performed 3135 guesses in 194 seconds, average tps: 17.0
2502Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2503Device type: general purpose|storage-misc|firewall
2504Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (92%), Synology DiskStation Manager 5.X (86%), WatchGuard Fireware 11.X (86%), FreeBSD 6.X (85%)
2505OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/o:freebsd:freebsd:6.2
2506Aggressive OS guesses: Linux 3.10 - 3.12 (92%), Linux 4.4 (92%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (90%), Linux 4.0 (88%), Linux 3.10 (87%), Linux 3.10 - 3.16 (87%), Linux 2.6.18 (86%), Linux 3.10 - 4.11 (86%), Linux 3.11 - 4.1 (86%)
2507No exact OS matches for host (test conditions non-ideal).
2508Network Distance: 14 hops
2509
2510TRACEROUTE (using port 21/tcp)
2511HOP RTT ADDRESS
25121 158.96 ms 10.249.204.1
25132 218.40 ms 104.245.145.17
25143 218.47 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
25154 218.46 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
25165 218.46 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
25176 218.51 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
25187 218.53 ms be2889.ccr41.jfk02.atlas.cogentco.com (154.54.47.50)
25198 376.35 ms 10.10.51.6
25209 312.76 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
252110 218.61 ms 10.10.51.6
252211 ... 13
252314 269.45 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2524######################################################################################################################################
2525# general
2526(gen) banner: SSH-2.0-OpenSSH_7.4
2527(gen) software: OpenSSH 7.4
2528(gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
2529(gen) compression: enabled (zlib@openssh.com)
2530
2531# key exchange algorithms
2532(kex) curve25519-sha256 -- [warn] unknown algorithm
2533(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
2534(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
2535 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2536(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
2537 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2538(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
2539 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2540(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
2541 `- [info] available since OpenSSH 4.4
2542(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
2543(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
2544(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2545 `- [warn] using weak hashing algorithm
2546 `- [info] available since OpenSSH 2.3.0
2547(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
2548(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
2549 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
2550(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2551 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
2552 `- [warn] using small 1024-bit modulus
2553 `- [warn] using weak hashing algorithm
2554 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
2555
2556# host-key algorithms
2557(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
2558(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
2559(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
2560(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
2561 `- [warn] using weak random number generator could reveal the key
2562 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2563(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
2564
2565# encryption algorithms (ciphers)
2566(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
2567 `- [info] default cipher since OpenSSH 6.9.
2568(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
2569(enc) aes192-ctr -- [info] available since OpenSSH 3.7
2570(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
2571(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
2572(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
2573(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2574 `- [warn] using weak cipher mode
2575 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
2576(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2577 `- [warn] using weak cipher mode
2578 `- [info] available since OpenSSH 2.3.0
2579(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2580 `- [warn] using weak cipher mode
2581 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
2582(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2583 `- [fail] disabled since Dropbear SSH 0.53
2584 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2585 `- [warn] using weak cipher mode
2586 `- [warn] using small 64-bit block size
2587 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
2588(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2589 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2590 `- [warn] using weak cipher mode
2591 `- [warn] using small 64-bit block size
2592 `- [info] available since OpenSSH 2.1.0
2593(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2594 `- [warn] using weak cipher
2595 `- [warn] using weak cipher mode
2596 `- [warn] using small 64-bit block size
2597 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
2598
2599# message authentication code algorithms
2600(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
2601 `- [info] available since OpenSSH 6.2
2602(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
2603(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
2604(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
2605(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
2606 `- [info] available since OpenSSH 6.2
2607(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
2608 `- [warn] using small 64-bit tag size
2609 `- [info] available since OpenSSH 4.7
2610(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
2611 `- [info] available since OpenSSH 6.2
2612(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
2613 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
2614(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
2615 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
2616(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
2617 `- [warn] using weak hashing algorithm
2618 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
2619
2620# algorithm recommendations (for OpenSSH 7.4)
2621(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
2622(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
2623(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
2624(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
2625(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
2626(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
2627(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
2628(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
2629(rec) -blowfish-cbc -- enc algorithm to remove
2630(rec) -3des-cbc -- enc algorithm to remove
2631(rec) -aes256-cbc -- enc algorithm to remove
2632(rec) -cast128-cbc -- enc algorithm to remove
2633(rec) -aes192-cbc -- enc algorithm to remove
2634(rec) -aes128-cbc -- enc algorithm to remove
2635(rec) -hmac-sha2-512 -- mac algorithm to remove
2636(rec) -umac-128@openssh.com -- mac algorithm to remove
2637(rec) -hmac-sha2-256 -- mac algorithm to remove
2638(rec) -umac-64@openssh.com -- mac algorithm to remove
2639(rec) -hmac-sha1 -- mac algorithm to remove
2640(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
2641(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
2642#######################################################################################################################################
2643Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 21:39 EST
2644NSE: [ssh-run] Failed to specify credentials and command to run.
2685Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2686Host is up (0.23s latency).
2687
2688PORT STATE SERVICE VERSION
268922/tcp open ssh OpenSSH 7.4 (protocol 2.0)
2690| ssh-auth-methods:
2691| Supported authentication methods:
2692| publickey
2693| gssapi-keyex
2694| gssapi-with-mic
2695|_ password
2696| ssh-hostkey:
2697| 2048 aa:1d:e3:0d:56:17:88:a2:ea:4c:19:42:db:7a:b1:a3 (RSA)
2698| 256 40:6a:93:21:f9:9f:b9:9e:0c:99:93:9a:9f:ce:ac:80 (ECDSA)
2699|_ 256 3c:d4:65:67:ec:1a:07:96:d5:e6:4b:6e:85:dc:60:e7 (ED25519)
2700|_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
2701|_ssh-run: Failed to specify credentials and command to run.
2702Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2703Device type: general purpose|storage-misc|firewall
2704Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (92%), Synology DiskStation Manager 5.X (86%), WatchGuard Fireware 11.X (86%), FreeBSD 6.X (85%)
2705OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/o:freebsd:freebsd:6.2
2706Aggressive OS guesses: Linux 3.10 - 3.12 (92%), Linux 4.4 (92%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (90%), Linux 3.10 (87%), Linux 3.10 - 3.16 (87%), Linux 4.0 (87%), Linux 2.6.18 (86%), Linux 3.10 - 4.11 (86%), Linux 3.11 - 4.1 (86%)
2707No exact OS matches for host (test conditions non-ideal).
2708Network Distance: 13 hops
2709
2710TRACEROUTE (using port 22/tcp)
2711HOP RTT ADDRESS
27121 161.86 ms 10.249.204.1
27132 82.63 ms 104.245.145.177
27143 82.63 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
27154 82.68 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
27165 82.64 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
27176 101.02 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
27187 101.02 ms be2889.ccr41.jfk02.atlas.cogentco.com (154.54.47.50)
27198 101.05 ms be3362.ccr31.jfk04.atlas.cogentco.com (154.54.3.10)
27209 101.02 ms 38.88.194.130
272110 ... 12
272213 288.02 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2723#######################################################################################################################################
2724USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2725RHOSTS => 170.246.172.178
2726RHOST => 170.246.172.178
2727[*] 170.246.172.178:22 - SSH - Using malformed packet technique
2728[*] 170.246.172.178:22 - SSH - Starting scan
2763[*] Scanned 1 of 1 hosts (100% complete)
2764[*] Auxiliary module execution completed
2765######################################################################################################################################
2766Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:10 EST
2767Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2768Host is up (0.27s latency).
2769
2770PORT STATE SERVICE VERSION
277153/tcp filtered domain
2772Too many fingerprints match this host to give specific OS details
2773Network Distance: 15 hops
2774
2775Host script results:
2776| dns-brute:
2777| DNS Brute-force hostnames:
2794
2795TRACEROUTE (using proto 1/icmp)
2796HOP RTT ADDRESS
27971 138.42 ms 10.249.204.1
27982 196.52 ms 104.245.145.177
27993 196.59 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
28004 196.62 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
28015 196.59 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
28026 196.65 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
28037 196.68 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246)
28048 196.73 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
28059 196.72 ms 38.88.194.130
280610 306.63 ms 10.10.51.6
280711 ... 14
280815 269.85 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2809#######################################################################################################################################
2810Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:10 EST
2811Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2812Host is up (0.29s latency).
2813
2814PORT STATE SERVICE VERSION
281567/tcp filtered dhcps
281667/udp open|filtered dhcps
2817|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
2818Too many fingerprints match this host to give specific OS details
2819Network Distance: 15 hops
2820
2821TRACEROUTE (using proto 1/icmp)
2822HOP RTT ADDRESS
28231 126.57 ms 10.249.204.1
28242 195.99 ms 104.245.145.177
28253 196.02 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
28264 196.05 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
28275 195.98 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
28286 196.08 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
28297 196.15 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246)
28308 196.14 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
28319 196.13 ms 38.88.194.130
283210 265.77 ms 10.10.51.6
283311 213.90 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
283412 ... 14
283515 292.30 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2836######################################################################################################################################
2837Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:12 EST
2838Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2839Host is up (0.24s latency).
2840
2841PORT STATE SERVICE VERSION
284268/tcp filtered dhcpc
284368/udp open|filtered dhcpc
2844Too many fingerprints match this host to give specific OS details
2845Network Distance: 15 hops
2846
2847TRACEROUTE (using proto 1/icmp)
2848HOP RTT ADDRESS
28491 60.79 ms 10.249.204.1
28502 91.21 ms 104.245.145.177
28513 91.19 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
28524 91.18 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
28535 91.16 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
28546 91.23 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
28557 91.27 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246)
28568 91.32 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
28579 91.32 ms 38.88.194.130
285810 186.44 ms 10.10.51.6
285911 183.19 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
286012 ... 14
286115 243.10 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2862######################################################################################################################################
2863Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:14 EST
2864Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2865Host is up (0.26s latency).
2866
2867PORT STATE SERVICE VERSION
286869/tcp filtered tftp
286969/udp open|filtered tftp
2870Too many fingerprints match this host to give specific OS details
2871Network Distance: 15 hops
2872
2873TRACEROUTE (using proto 1/icmp)
2874HOP RTT ADDRESS
28751 83.75 ms 10.249.204.1
28762 124.75 ms 104.245.145.177
28773 124.79 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
28784 124.83 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
28795 124.83 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
28806 124.87 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
28817 124.93 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246)
28828 124.92 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
28839 124.92 ms 38.88.194.130
288410 194.18 ms 10.10.51.6
288511 220.01 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
288612 ... 14
288715 263.89 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2888#######################################################################################################################################
2889Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:19 EST
2890Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2891Host is up (0.27s latency).
2892
2893PORT STATE SERVICE VERSION
2894110/tcp filtered pop3
2895Too many fingerprints match this host to give specific OS details
2896Network Distance: 15 hops
2897
2898TRACEROUTE (using proto 1/icmp)
2899HOP RTT ADDRESS
29001 120.50 ms 10.249.204.1
29012 177.53 ms 104.245.145.177
29023 177.57 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
29034 177.59 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
29045 177.58 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
29056 177.62 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
29067 177.63 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246)
29078 177.66 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
29089 177.67 ms 38.88.194.130
290910 280.16 ms 10.10.51.6
291011 211.20 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
291112 ... 14
291215 272.39 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2913#######################################################################################################################################
2914Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:19 EST
2915Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2916Host is up (0.24s latency).
2917
2918PORT STATE SERVICE VERSION
2919123/tcp filtered ntp
2920123/udp open|filtered ntp
2921Too many fingerprints match this host to give specific OS details
2922Network Distance: 15 hops
2923
2924TRACEROUTE (using proto 1/icmp)
2925HOP RTT ADDRESS
29261 90.20 ms 10.249.204.1
29272 135.54 ms 104.245.145.177
29283 135.60 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
29294 135.62 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
29305 135.60 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
29316 135.65 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
29327 135.70 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246)
29338 135.70 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
29349 135.69 ms 38.88.194.130
293510 198.60 ms 10.10.51.6
293611 190.91 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
293712 ... 14
293815 244.91 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2939#######################################################################################################################################
2940Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:27 EST
2941Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2942Host is up (0.24s latency).
2943
2944PORT STATE SERVICE VERSION
29453306/tcp filtered mysql
2946Too many fingerprints match this host to give specific OS details
2947Network Distance: 15 hops
2948
2949TRACEROUTE (using proto 1/icmp)
2950HOP RTT ADDRESS
29511 127.84 ms 10.249.204.1
29522 169.54 ms 104.245.145.177
29533 169.59 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
29544 169.61 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
29555 169.59 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
29566 169.63 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
29577 169.69 ms be2890.ccr42.jfk02.atlas.cogentco.com (154.54.82.246)
29588 169.66 ms be3363.ccr31.jfk04.atlas.cogentco.com (154.54.3.126)
29599 169.69 ms 38.88.194.130
296010 249.36 ms 10.10.51.6
296111 189.94 ms clsclnocpshpx1.gw.ifxnw.cl (216.241.0.8)
296212 ... 14
296315 243.84 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2964#######################################################################################################################################
2965Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:27 EST
2966Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2967Host is up (0.11s latency).
2968Not shown: 65532 filtered ports
2969PORT STATE SERVICE VERSION
297025/tcp closed smtp
2971139/tcp closed netbios-ssn
2972445/tcp closed microsoft-ds
2973Too many fingerprints match this host to give specific OS details
2974Network Distance: 2 hops
2975
2976TRACEROUTE (using port 139/tcp)
2977HOP RTT ADDRESS
29781 138.04 ms 10.249.204.1
29792 138.06 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
2980######################################################################################################################################
2981Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 22:29 EST
2982Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
2983Host is up (0.080s latency).
2984
2985PORT STATE SERVICE VERSION
298653/tcp filtered domain
298767/tcp filtered dhcps
298868/tcp filtered dhcpc
298969/tcp filtered tftp
299088/tcp filtered kerberos-sec
2991123/tcp filtered ntp
2992137/tcp filtered netbios-ns
2993138/tcp filtered netbios-dgm
2994139/tcp closed netbios-ssn
2995161/tcp filtered snmp
2996162/tcp filtered snmptrap
2997389/tcp filtered ldap
2998520/tcp filtered efs
29992049/tcp filtered nfs
300053/udp open|filtered domain
300167/udp open|filtered dhcps
300268/udp open|filtered dhcpc
300369/udp open|filtered tftp
300488/udp open|filtered kerberos-sec
3005123/udp open|filtered ntp
3006137/udp filtered netbios-ns
3007138/udp filtered netbios-dgm
3008139/udp open|filtered netbios-ssn
3009161/udp open|filtered snmp
3010162/udp open|filtered snmptrap
3011389/udp open|filtered ldap
3012520/udp open|filtered route
30132049/udp open|filtered nfs
3014Too many fingerprints match this host to give specific OS details
3015Network Distance: 2 hops
3016
3017TRACEROUTE (using port 139/tcp)
3018HOP RTT ADDRESS
30191 80.33 ms 10.249.204.1
30202 80.33 ms host-170-246-172-178.anacondaweb.com (170.246.172.178)
3021######################################################################################################################################
3022Hosts
3023=====
3024
3025address mac name os_name os_flavor os_sp purpose info comments
3026------- --- ---- ------- --------- ----- ------- ---- --------
302787.247.240.207 crayford.servers.prgn.misp.co.uk Android 5.X device
302893.174.93.84 Linux 3.X server
3029163.247.52.17 www.mtt.cl Linux 2.6.X server
3030170.246.172.178 host-170-246-172-178.anacondaweb.com Linux 2.6.X server
3031185.68.93.22 verbatim1981.example.com Unknown device
3032186.67.91.110 ipj10-110.poderjudicial.cl Linux 2.6.X server
3033194.18.73.2 www.sakerhetspolisen.se Linux 2.6.X server
3034200.35.157.77 srv77.talcaguia.cl Unknown device
3035201.131.38.40 Linux 2.6.X server
3036
3037Services
3038========
3039
3040host port proto name state info
3041---- ---- ----- ---- ----- ----
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 21:39 EST
Nmap scan report for host-170-246-172-178.anacondaweb.com (170.246.172.178)
Host is up (0.29s latency).
Not shown: 926 filtered ports, 62 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| vulscan: VulDB - https://vuldb.com:
| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| No findings
|
| Exploit-DB - https://www.exploit-db.com:
| No findings
|
| OpenVAS (Nessus) - http://www.openvas.org:
| No findings
|
| SecurityTracker - https://www.securitytracker.com:
| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
|
| OSVDB - http://www.osvdb.org:
| No findings
|_
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| vulscan: VulDB - https://vuldb.com:
| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
| [94611] OpenSSH up to 7.3 Access Control privilege escalation
| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
| [90405] OpenSSH up to 7.2p2 sshd information disclosure
| [90404] OpenSSH up to 7.2p2 sshd information disclosure
| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
| [75990] OpenSSH Login Handling Security Bypass Weakness
| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
| [61286] OpenSSH Remote Denial of Service Vulnerability
| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
| [30794] Red Hat OpenSSH Backdoor Vulnerability
| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
| [28531] OpenSSH ForceCommand Command Execution Weakness
| [28444] OpenSSH X Connections Session Hijacking Vulnerability
| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
| [20956] OpenSSH Privilege Separation Key Signature Weakness
| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
| [6168] OpenSSH Visible Password Vulnerability
| [5374] OpenSSH Trojan Horse Vulnerability
| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [4241] OpenSSH Channel Code Off-By-One Vulnerability
| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
| [2917] OpenSSH PAM Session Evasion Vulnerability
| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
| [2356] OpenSSH Private Key Authentication Check Vulnerability
| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
| [1334] OpenSSH UseLogin Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [83258] GSI-OpenSSH auth-pam.c security bypass
| [82781] OpenSSH time limit denial of service
| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
| [72756] Debian openssh-server commands information disclosure
| [68339] OpenSSH pam_thread buffer overflow
| [67264] OpenSSH ssh-keysign unauthorized access
| [65910] OpenSSH remote_glob function denial of service
| [65163] OpenSSH certificate information disclosure
| [64387] OpenSSH J-PAKE security bypass
| [63337] Cisco Unified Videoconferencing OpenSSH weak security
| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
| [45202] OpenSSH signal handler denial of service
| [44747] RHEL OpenSSH backdoor
| [44280] OpenSSH PermitRootLogin information disclosure
| [44279] OpenSSH sshd weak security
| [44037] OpenSSH sshd SELinux role unauthorized access
| [43940] OpenSSH X11 forwarding information disclosure
| [41549] OpenSSH ForceCommand directive security bypass
| [41438] OpenSSH sshd session hijacking
| [40897] OpenSSH known_hosts weak security
| [40587] OpenSSH username weak security
| [37371] OpenSSH username data manipulation
| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
| [37112] RHSA update for OpenSSH signal handler race condition not installed
| [37107] RHSA update for OpenSSH identical block denial of service not installed
| [36637] OpenSSH X11 cookie privilege escalation
| [35167] OpenSSH packet.c newkeys[mode] denial of service
| [34490] OpenSSH OPIE information disclosure
| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
| [32975] Apple Mac OS X OpenSSH denial of service
| [32387] RHSA-2006:0738 updates for openssh not installed
| [32359] RHSA-2006:0697 updates for openssh not installed
| [32230] RHSA-2006:0298 updates for openssh not installed
| [32132] RHSA-2006:0044 updates for openssh not installed
| [30120] OpenSSH privilege separation monitor authentication verification weakness
| [29255] OpenSSH GSSAPI user enumeration
| [29254] OpenSSH signal handler race condition
| [29158] OpenSSH identical block denial of service
| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
| [25116] OpenSSH OpenPAM denial of service
| [24305] OpenSSH SCP shell expansion command execution
| [22665] RHSA-2005:106 updates for openssh not installed
| [22117] OpenSSH GSSAPI allows elevated privileges
| [22115] OpenSSH GatewayPorts security bypass
| [20930] OpenSSH sshd.c LoginGraceTime denial of service
| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
| [17213] OpenSSH allows port bouncing attacks
| [16323] OpenSSH scp file overwrite
| [13797] OpenSSH PAM information leak
| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
| [13264] OpenSSH PAM code could allow an attacker to gain access
| [13215] OpenSSH buffer management errors could allow an attacker to execute code
| [13214] OpenSSH memory vulnerabilities
| [13191] OpenSSH large packet buffer overflow
| [12196] OpenSSH could allow an attacker to bypass login restrictions
| [11970] OpenSSH could allow an attacker to obtain valid administrative account
| [11902] OpenSSH PAM support enabled information leak
| [9803] OpenSSH "
| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| [9307] OpenSSH is running on the system
| [9169] OpenSSH "
| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
| [8383] OpenSSH off-by-one error in channel code
| [7647] OpenSSH UseLogin option arbitrary code execution
| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
| [7179] OpenSSH source IP access control bypass
| [6757] OpenSSH "
| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
| [5517] OpenSSH allows unauthorized access to resources
| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
|
| Exploit-DB - https://www.exploit-db.com:
| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
| [881183] CentOS Update for openssh CESA-2012:0884 centos6
| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
| [870763] RedHat Update for openssh RHSA-2012:0884-04
| [870129] RedHat Update for openssh RHSA-2008:0855-01
| [861813] Fedora Update for openssh FEDORA-2010-5429
| [861319] Fedora Update for openssh FEDORA-2007-395
| [861170] Fedora Update for openssh FEDORA-2007-394
| [861012] Fedora Update for openssh FEDORA-2007-715
| [840345] Ubuntu Update for openssh vulnerability USN-597-1
| [840300] Ubuntu Update for openssh update USN-612-5
| [840271] Ubuntu Update for openssh vulnerability USN-612-2
| [840268] Ubuntu Update for openssh update USN-612-7
| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
| [840214] Ubuntu Update for openssh vulnerability USN-566-1
| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [100584] OpenSSH X Connections Session Hijacking Vulnerability
| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
| [65987] SLES10: Security update for OpenSSH
| [65819] SLES10: Security update for OpenSSH
| [65514] SLES9: Security update for OpenSSH
| [65513] SLES9: Security update for OpenSSH
| [65334] SLES9: Security update for OpenSSH
| [65248] SLES9: Security update for OpenSSH
| [65218] SLES9: Security update for OpenSSH
| [65169] SLES9: Security update for openssh,openssh-askpass
| [65126] SLES9: Security update for OpenSSH
| [65019] SLES9: Security update for OpenSSH
| [65015] SLES9: Security update for OpenSSH
| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
| [61639] Debian Security Advisory DSA 1638-1 (openssh)
| [61030] Debian Security Advisory DSA 1576-2 (openssh)
| [61029] Debian Security Advisory DSA 1576-1 (openssh)
| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
| [60667] Slackware Advisory SSA:2008-095-01 openssh
| [59014] Slackware Advisory SSA:2007-255-01 openssh
| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
| [57492] Slackware Advisory SSA:2006-272-02 openssh
| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
| [57470] FreeBSD Ports: openssh
| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
| [56294] Slackware Advisory SSA:2006-045-06 openssh
| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
| [53788] Debian Security Advisory DSA 025-1 (openssh)
| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
| [11343] OpenSSH Client Unauthorized Remote Forwarding
| [10954] OpenSSH AFS/Kerberos ticket/token passing
| [10883] OpenSSH Channel Code Off by 1
| [10823] OpenSSH UseLogin Environment Variables
|
3634| SecurityTracker - https://www.securitytracker.com:
3635| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
3636| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
3637| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
3638| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
3639| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
3640| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
3641| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
3642| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
3643| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
3644| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
3645| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
3646| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
3647| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
3648| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
3649| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
3650| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
3651| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
3652| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
3653| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
3654| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
3655| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
3656| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
3657| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
3658| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
3659| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
3660| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
3661| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
3662| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
3663| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
3664| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
3665| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
3666| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
3667| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
3668| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
3669| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
3670| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
3671| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
3672| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
3673|
3674| OSVDB - http://www.osvdb.org:
3675| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
3676| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
3677| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
3678| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
3679| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
3680| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
3681| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
3682| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
3683| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
3684| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
3685| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
3686| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
3687| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
3688| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
3689| [56921] OpenSSH Unspecified Remote Compromise
3690| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
3691| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
3692| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
3693| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
3694| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
3695| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
3696| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
3697| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
3698| [43745] OpenSSH X11 Forwarding Local Session Hijacking
3699| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
3700| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
3701| [37315] pam_usb OpenSSH Authentication Unspecified Issue
3702| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
3703| [34601] OPIE w/ OpenSSH Account Enumeration
3704| [34600] OpenSSH S/KEY Authentication Account Enumeration
3705| [32721] OpenSSH Username Password Complexity Account Enumeration
3706| [30232] OpenSSH Privilege Separation Monitor Weakness
3707| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
3708| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
3709| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
3710| [29152] OpenSSH Identical Block Packet DoS
3711| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
3712| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
3713| [22692] OpenSSH scp Command Line Filename Processing Command Injection
3714| [20216] OpenSSH with KerberosV Remote Authentication Bypass
3715| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
3716| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
3717| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
3718| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
3719| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
3720| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
3721| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
3722| [6601] OpenSSH *realloc() Unspecified Memory Errors
3723| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
3724| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
3725| [6072] OpenSSH PAM Conversation Function Stack Modification
3726| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
3727| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
3728| [5408] OpenSSH echo simulation Information Disclosure
3729| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
3730| [4536] OpenSSH Portable AIX linker Privilege Escalation
3731| [3938] OpenSSL and OpenSSH /dev/random Check Failure
3732| [3456] OpenSSH buffer_append_space() Heap Corruption
3733| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
3734| [2140] OpenSSH w/ PAM Username Validity Timing Attack
3735| [2112] OpenSSH Reverse DNS Lookup Bypass
3736| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
3737| [1853] OpenSSH Symbolic Link 'cookies' File Removal
3738| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
3739| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
3740| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
3741| [688] OpenSSH UseLogin Environment Variable Local Command Execution
3742| [642] OpenSSH Multiple Key Type ACL Bypass
3743| [504] OpenSSH SSHv2 Public Key Authentication Bypass
3744| [341] OpenSSH UseLogin Local Privilege Escalation
3745|_
53/tcp open domain PowerDNS Authoritative Server 4.1.10
3747| vulscan: VulDB - https://vuldb.com:
3748| [127296] PowerDNS Authoritative Server/Recursor up to 4.1.4 Cache Packet denial of service
3749| [133822] Kofax Front Office Server 4.1.1.11.0.5212 Administration Console upload Parameter XML External Entity
3750| [133821] Kofax Front Office Server 4.1.1.11.0.5212 Administration Console cross site scripting
3751| [133820] Kofax Front Office Server 4.1.1.11.0.5212 Administration Console Cleartext information disclosure
3752| [62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
3753| [50454] Symantec SecurityExpressions Audit and Compliance Server up to 4.1.1 Error Message cross site scripting
3754| [50453] Symantec SecurityExpressions Audit and Compliance Server up to 4.1.1 Error Message cross site scripting
3755| [40426] Seattle Lab Software SLNet RF Telnet Server up to 4.1.1.3758 slnet.exe denial of service
3756|
3757| MITRE CVE - https://cve.mitre.org:
3758| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3759| [CVE-2013-3970] Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
3760| [CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
3761| [CVE-2012-4729] Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands.
3762| [CVE-2011-5239] CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3763| [CVE-2011-4535] Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.
3764| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3765| [CVE-2010-2156] ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
3766| [CVE-2009-3030] Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."
3767| [CVE-2009-3029] Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.
3768| [CVE-2008-3286] SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference
3769| [CVE-2008-0441] IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log
3770| [CVE-2008-0152] SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode.
3771| [CVE-2007-2865] Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
3772| [CVE-2006-2587] Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and earlier allows remote attackers to cause a denial of service (application crash) via a long webkey parameter.
3773| [CVE-2006-2369] RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
3774| [CVE-2003-1414] Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename paramter.
3775| [CVE-2003-1413] parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
3776| [CVE-2003-0055] Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename.
3777| [CVE-2003-0054] Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.
3778| [CVE-2003-0053] Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
3779| [CVE-2003-0052] parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
3780| [CVE-2003-0051] parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
3781| [CVE-2003-0050] parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
3782| [CVE-2002-0600] Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.
3783|
3784| SecurityFocus - https://www.securityfocus.com/bid/:
3785| [101982] PowerDNS Authoritative Server Module Multiple Security Vulnerabilities
3786| [89554] Webserver 4 Everyone CVE-2002-1504 Directory Traversal Vulnerability
3787| [82743] Internet Transaction Server 4620.2.0.323011 CVE-2003-1036 Remote Security Vulnerability
3788| [82686] Internet Transaction Server 4620.2.0.323011 CVE-2003-1037 Remote Security Vulnerability
3789| [82454] WordPress Prior to 4.4.2 Server Side Request Forgery Security Bypass Vulnerability
3790| [77836] Internet Transaction Server 4620.2.0.323011 CVE-2003-1038 Information Disclosure Vulnerability
3791| [53472] eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities
3792| [51355] PowerDNS Authoritative Server Remote Denial of Service Vulnerability
3793| [50355] Wing FTP Server Versions Prior to 4.0.1 Information Disclosure Vulnerability
3794| [36739] Overland Storage Snap Server 410 'less' Command Local Privilege Escalation Vulnerability
3795| [36244] Sun Java System ASP Server 4.0.3 Multiple Unspecified Remote Vulnerabilities
3796| [34031] Sun Solaris NFS Version 4 Server Kernel Module Local Denial Of Service Vulnerability
3797| [30152] Empire Server Prior to 4.3.15 Multiple Unspecified Vulnerabilities
3798| [28148] Neptune Web Server 404 Error Page Cross Site Scripting Vulnerability
3799| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
3800| [21560] OpenLDAP Server Kerveros 4 Bind Request Buffer Overflow Vulnerability
3801| [15495] SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
3802| [12937] FastStone 4in1 Browser Web Server Remote Directory Traversal Vulnerability
3803| [9196] Mambo Open Source 4.0.14 Server SQL Injection Vulnerability
3804| [8647] Multiple Mambo Open Source 4.0.14 Server Vulnerabilities
3805| [7541] Microsoft SQL Server JET Database Engine 4.0 Buffer Overrun Vulnerability
3806| [7479] MDG Web Server 4D HTTP Command Buffer Overflow Vulnerability
3807| [6034] Radiobird Software WebServer 4 All Host Field Header Buffer Overflow Vulnerability
3808| [5968] RadioBird Software WebServer 4 All Directory Traversal Vulnerability
3809| [5967] RadioBird Software WebServer 4 All Buffer Overflow Vulnerability
3810| [5803] MDG Web Server 4D Insecure Credential Storage Vulnerability
3811| [3874] MDG Computer Services Web Server 4D/eCommerce DoS Vulnerability
3812| [1924] Windows NT 4.0 Terminal Server RegAPI.DLL Buffer Overflow
3813| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
3814| [1778] Evolvable Shambala Server 4.5 DoS Vulnerability
3815| [1771] Evolvable Shambala Server 4.5 Plaintext Password Vulnerability
3816| [1582] OS/2 4.5 FTP Server Login DoS Vulnerability
3817| [1314] Allaire ColdFusion Server 4.5.1 Administrator Login Password DoS Vulnerability
3818| [1287] Sambar Server 4.3 Buffer Overflow Vulnerability
3819| [1001] InterAccess TelnetD Server 4.0 Terminal Configuration Vulnerability
3820| [995] InterAccess TelnetD Server 4.0 Buffer Overflow Vulnerability
3821| [601] Lotus Notes Domino Server 4.6 NLDAP DoS Vulnerability
3822| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
3823| [59348] PowerDNS Recursive Server CVE-2012-1193 Multiple Security Bypass Vulnerabilities
3824|
3825| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3826| [13657] Apache HTTP Server 401 error page not CGI script
3827| [4293] iPlanet Web Server 4.1 GET denial of service
3828|
3829| Exploit-DB - https://www.exploit-db.com:
3830| [22968] Valve Software Half-Life Server <= 1.1.1.0 , 3.1.1.1c1 and 4.1.1.1a Multiplayer Request Buffer Overflow
3831| [29439] iPlanet Web Server 4.1 Search Module Cross-Site Scripting Vulnerability
3832| [28666] Call of Duty Server 4.1.x Callvote Map Command Remote Buffer Overflow Vulnerability
3833| [26401] TRENDnet TE100-P1U Print Server Firmware 4.11 Authentication Bypass Vulnerability
3834| [26376] Xerver 4.17 Server URI Null Character XSS
3835| [23410] IBM Directory Server 4.1 Web Administration Interface Cross-Site Scripting Vulnerability
3836| [22629] Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module Integer Overflow Vulnerability
3837| [22472] Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability
3838| [22312] Apple QuickTime/Darwin Streaming Server 4.1.x parse_xml.cgi File Disclosure Vulnerability
3839| [22230] Netscape Enterprise Server 4.1 HTTP Method Name Buffer Overflow Vulnerability
3840| [21603] iPlanet Web Server 4.1 Search Component File Disclosure Vulnerability
3841| [20570] Sambar Server 4.1 beta Admin Access Vulnerability
3842| [20325] Netscape Directory Server 4.12 Directory Server Directory Traversal Vulnerability
3843| [19112] BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND buffer overflow(2)
3844| [19111] BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND buffer overflow(1)
3845| [1739] Darwin Streaming Server <= 4.1.2 (parse_xml.cgi) Code Execution Exploit
3846| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
3847| [116] NIPrint LPD-LPR Print Server <= 4.10 Remote Exploit
3848|
3849| OpenVAS (Nessus) - http://www.openvas.org:
3850| [103488] eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities
3851| [103383] PowerDNS Authoritative Server Remote Denial of Service Vulnerability
3852| [11441] Mambo Site Server 4.0.10 XSS
3853| [11151] Webserver 4D Cleartext Passwords
3854|
3855| SecurityTracker - https://www.securitytracker.com:
3856| [1026729] PowerDNS Authoritative Server Packet Loop Lets Remote Users Deny Service
3857| [1006687] Web Server 4D Buffer Overflow in Processing Long URLs Allows Remote Users to Execute Arbitrary Code
3858| [1005470] WebServer 4 Everyone Bounds Checking Error Lets Remote Users Crash the Server With a Long Host Field
3859| [1005417] Web Server 4 Everyone Can Be Crashed By Remote Users Sending Long HTTP GET Requests
3860| [1005286] Web Server 4D May Disclose Passwords to Local Users
3861| [1005194] Web Server 4 Everyone Input Validation Flaw Discloses Files to Remote Users
3862| [1003756] Microsoft Internet Information Server 4.0 .HTR Web Application Lets Users Change Their Passwords When the NT Security Policy is Configured to Prohibit Password Changing
3863| [1003224] Microsoft Internet Information Server (IIS) Version 4 Lets Local Users Modify the Log File Undetected
3864| [1003220] Web Server 4D/eCommerce Discloses Files Located Anywhere on the Server to Remote Users
3865| [1003219] Web Server 4D/eCommerce Can Be Crashed By Remote Users Sending a Few Long URL GET Requests
3866|
3867| OSVDB - http://www.osvdb.org:
3868| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
3869| [68626] OpenConnect AnyConnect SSL VPN Server 404 HTTP Status Code Remote DoS
3870| [59540] RadioBird WebServer 4 Everyone Long Host Header HTTP GET Request Remote DoS
3871| [59528] Simple Web Server (SWS) 404 Error Message File Descriptor Closure Weakness Remote DoS
3872| [59158] TwonkyMedia Server 404 Error Page XSS
3873| [55331] MDG Web Server 4D GET Request Remote Overflow DoS
3874| [47587] PowerDNS Authoritative Server Malformed Query Cache Poisoning Weakness
3875| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
3876| [42796] Neptune Web Server 404 Error Page XSS
3877| [24469] Cherokee Web Server Error 400 XSS
3878| [15118] FastStone 4in1 Browser Web Server Traversal Arbitrary File Access
3879| [14511] WebServer 4 Everyone HTTP GET Request Remote Overflow
3880| [14252] Web Server 4D/eCommerce Traversal Arbitrary File Access
3881| [10888] QNX 405 Voyager Web Server .photon Directory Information Disclosure
3882| [8946] RadioBird WebServer 4 Everyone Encoded Double Dot Traversal Arbitrary File Access
3883| [8934] WebServer 4 Everyone Double Dot Traversal Arbitrary File Access
3884| [5371] MDG Computer Services Web Server 4D (WS4D) Cleartext Password Storage
3885| [5370] MDG Computer Services Web Server 4D (WS4D)/eCommerce HTTP Request Overflow DoS
3886| [4880] MIT Kerberos 4 Key Server Session Key Masquerade
3887| [2732] Fastream NETFile FTP/WebServer 404 Error Page XSS
3888| [72539] ISC BIND Authoritative Server Crafted IXFR / DDNS Query Update Deadlock DoS
3889| [43906] PowerDNS Unspecified MiTM Master/Server DoS
3890|_
80/tcp open http Apache httpd
3892| vulscan: VulDB - https://vuldb.com:
3893| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
3894| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
3895| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
3896| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
3897| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
3898| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
3899| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
3900| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
3901| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
3902| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
3903| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
3904| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
3905| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
3906| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
3907| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
3908| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
3909| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
3910| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
3911| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
3912| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
3913| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
3914| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
3915| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
3916| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
3917| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
3918| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
3919| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
3920| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
3921| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
3922| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
3923| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
3924| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
3925| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
4333| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
4684| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
4685| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
4686| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
4687| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
4688| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
4689| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
4690| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
4691| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
4692| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
4693| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
4694| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
4695| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
4696| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
4697| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
4698| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
4699| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
4700| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
4701| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
4702| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
4703| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
4704| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
4705| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
5102| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
5103| [52584] Apache CouchDB up to 0.10.1 information disclosure
5104| [51757] Apache HTTP Server 2.0.44 cross site scripting
5105| [51756] Apache HTTP Server 2.0.44 spoofing
5106| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
5107| [51690] Apache Tomcat up to 6.0 directory traversal
5108| [51689] Apache Tomcat up to 6.0 information disclosure
5109| [51688] Apache Tomcat up to 6.0 directory traversal
5110| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
5111| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
5112| [50626] Apache Solr 1.0.0 cross site scripting
5113| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
5114| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
5115| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
5116| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
5117| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
5118| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
5119| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
5120| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
5121| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
5122| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
5123| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
5124| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
5125| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
5126| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
5127| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
5128| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
5129| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
5130| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
5131| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
5132| [47214] Apachefriends xampp 1.6.8 spoofing
5133| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
5134| [47162] Apachefriends XAMPP 1.4.4 weak authentication
5135| [47065] Apache Tomcat 4.1.23 cross site scripting
5136| [46834] Apache Tomcat up to 5.5.20 cross site scripting
5137| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
5138| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
5139| [86625] Apache Struts directory traversal
5140| [44461] Apache Tomcat up to 5.5.0 information disclosure
5141| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
5142| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
5143| [43663] Apache Tomcat up to 6.0.16 directory traversal
5144| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
5145| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
5146| [43516] Apache Tomcat up to 4.1.20 directory traversal
5147| [43509] Apache Tomcat up to 6.0.13 cross site scripting
5148| [42637] Apache Tomcat up to 6.0.16 cross site scripting
5149| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
5150| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
5151| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
5152| [40924] Apache Tomcat up to 6.0.15 information disclosure
5153| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
5154| [40922] Apache Tomcat up to 6.0 information disclosure
5155| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
5156| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
5157| [40656] Apache Tomcat 5.5.20 information disclosure
5158| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
5159| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
5160| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
5161| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
5162| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
5163| [40234] Apache Tomcat up to 6.0.15 directory traversal
5164| [40221] Apache HTTP Server 2.2.6 information disclosure
5165| [40027] David Castro Apache Authcas 0.4 sql injection
5166| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
5167| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
5168| [3414] Apache Tomcat WebDAV Stored privilege escalation
5169| [39489] Apache Jakarta Slide up to 2.1 directory traversal
5170| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
5171| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
5172| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
5173| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
5174| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
5175| [38524] Apache Geronimo 2.0 unknown vulnerability
5176| [3256] Apache Tomcat up to 6.0.13 cross site scripting
5177| [38331] Apache Tomcat 4.1.24 information disclosure
5178| [38330] Apache Tomcat 4.1.24 information disclosure
5179| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
5180| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
5181| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
5182| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
5183| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
5184| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
5185| [37292] Apache Tomcat up to 5.5.1 cross site scripting
5186| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
5187| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
5188| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
5189| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
5190| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
5191| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
5192| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
5193| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
5194| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
5195| [36225] XAMPP Apache Distribution 1.6.0a sql injection
5196| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
5197| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
5198| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
5199| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
5200| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
5201| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
5202| [34252] Apache HTTP Server denial of service
5203| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
5204| [33877] Apache Opentaps 0.9.3 cross site scripting
5205| [33876] Apache Open For Business Project unknown vulnerability
5206| [33875] Apache Open For Business Project cross site scripting
5207| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
5208| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
5209|
5210| MITRE CVE - https://cve.mitre.org:
5211| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
5212| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
5213| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
5214| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
5215| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
5216| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
5217| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
5218| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
5219| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
5220| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
5221| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
5222| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
5223| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
5224| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
5225| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
5226| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
5227| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
5228| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
5229| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
5230| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
5231| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
5232| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
5233| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
5234| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
5235| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
5236| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
5237| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
5238| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
5239| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
5240| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
5241| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5242| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
5243| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
5244| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
5245| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
5246| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
5247| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
5248| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
5249| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
5250| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
5251| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
5252| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5253| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5254| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5255| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5256| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
5257| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
5258| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
5259| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
5260| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
5261| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
5262| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
5263| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
5264| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
5265| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
5266| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
5267| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
5268| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
5269| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
5270| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
5271| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
5272| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
5273| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
5274| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
5275| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5276| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
5277| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
5278| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
5279| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5280| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
5281| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
5282| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
5283| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
5284| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
5285| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
5286| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
5287| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
5288| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
5289| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
5290| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
5291| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
5292| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
5293| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
5294| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
5295| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
5296| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
5297| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
5298| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
5299| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
5300| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
5301| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
5302| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
5303| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
5304| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
5305| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
5306| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
5307| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
5308| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
5309| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
5310| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5311| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
5312| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
5313| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
5314| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
5315| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
5316| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
5317| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
5318| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
5319| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
5320| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
5321| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
5322| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
5323| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
5324| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
5325| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
5326| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
5327| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
5328| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
5329| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
5330| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
5331| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
5332| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
5333| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
5334| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
5335| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5336| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5337| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
5338| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
5339| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
5340| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
5341| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
5342| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
5343| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
5344| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
5345| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
5346| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
5347| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
5348| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
5349| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
5350| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
5351| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
5352| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
5353| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
5354| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
5355| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
5356| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
5357| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
5358| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
5359| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
5360| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
5361| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
5362| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
5363| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
5364| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
5365| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
5366| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
5367| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
5368| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
5369| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
5370| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
5371| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
5372| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
5373| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
5374| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5375| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
5376| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
5377| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
5378| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
5379| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
5380| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
5381| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
5382| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
5383| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
5384| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
5385| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
5386| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
5387| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
5388| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
5389| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
5390| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5391| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
5392| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
5393| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
5394| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
5395| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
5396| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
5397| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
5398| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
5399| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
5400| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
5401| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
5402| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
5403| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
5404| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
5405| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
5406| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
5407| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
5408| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
5409| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
5410| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
5411| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
5412| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
5413| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
5414| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
5415| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
5416| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
5417| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
5418| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
5419| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
5420| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
5421| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
5422| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
5423| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
5424| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
5425| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
5426| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
5427| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
5428| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
5429| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
5430| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
5431| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5432| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
5433| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
5434| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
5435| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
5436| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
5437| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
5438| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
5439| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
5440| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
5441| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
5442| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
5443| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
5444| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
5445| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
5446| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
5447| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
5448| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
5449| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
5450| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
5451| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
5452| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
5453| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
5454| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
5455| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
5456| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
5457| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
5458| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
5459| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
5460| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
5461| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
5462| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
5463| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
5464| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
5465| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
5466| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
5467| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
5568| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
5569| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
5570| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
5571| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
5572| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
5573| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
5574| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
5575| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
5576| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5577| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5578| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5579| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
5580| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
5581| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
5582| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
5583| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
5584| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
5585| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
5586| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5587| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
5588| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5589| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
5590| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
5591| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
5592| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5593| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
5594| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5595| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
5596| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
5597| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5598| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
5599| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
5600| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
5601| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
5602| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
5603| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
5604| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
5605| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
5606| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5607| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
5608| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
5609| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
5610| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
5611| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
5612| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
5613| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
5614| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
5615| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
5616| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
5617| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
5618| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
5619| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
5620| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
5621| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
5622| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
5623| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
5624| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
5625| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
5626| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
5627| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
5628| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5629| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5630| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
5631| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
5632| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
5633| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
5634| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
5635| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
5636| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
5637| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
5638| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
5639| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
5640| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
5641| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
5642| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
5643| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
5644| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
5645| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
5646| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
5647| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
5648| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
5649| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
5650| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
5651| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
5652| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
5653| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5654| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5655| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5656| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
5657| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
5658| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
5659| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
5660| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
5661| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
5662| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
5663| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
5664| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
5665| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
5666| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
5667| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
5668| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
5669| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
5670| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
5671| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5672| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5673| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
5674| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
5675| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
5676| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
5677| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
5678| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
5679| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
5680| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
5681| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
5682| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
5683| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
5684| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
5685| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
5686| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
5687| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
5688| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
5689| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
5690| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
5691| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
5692| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
5693| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
5694| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
5695| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
5696| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
5697| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
5698| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5699| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5700| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
5701| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
5702| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
5703| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
5704| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
5705| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
5706| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
5707| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
5708| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
5709| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
5710| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
5711| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
5712| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
5713| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
5714| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
5715| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
5716| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
5717| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
5718| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
5719| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
5720| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
5721| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
5722| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
5723| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
5724| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
5725| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
5726| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
5727| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
5728| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
5729| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
5730| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
5731| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
5732| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
5733| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
5734| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
5735| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
5736| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
5737| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
5738| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
5739| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
5740| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
5741| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
5742| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
5743| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
5744| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
5745| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5746| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
5747| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
5748| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
5749| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
5750| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
5751| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
5752| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
5753| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
5754| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
5755| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
5756| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
5757| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
5758| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
5759| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
5760| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
5761| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
5762| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
5763| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
5764| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
5765| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
5766| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
5767| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
5768| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
5769| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
5770| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
5771| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
5772| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5773| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
5774| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5775| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
5776| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
5777| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
5778| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
5779| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
5780| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
5781| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
5782| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
5783| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
5784| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
5785| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
5786| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
5787| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
5788| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
5789| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
5790| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
5791| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
5792| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
5793| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
5794| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
5795| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
5796| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
5797| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
5798| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
5799| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
5800| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
5801| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
5802| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
5803| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
5804| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
5805| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5806| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5807| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5808| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5809| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5810| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5811| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5812| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5813| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5814| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5815| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5816| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5817| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5818| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5819| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5820|
5821| SecurityFocus - https://www.securityfocus.com/bid/:
5822| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5823| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5824| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5825| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5826| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5827| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5828| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5829| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5830| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5831| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5832| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5833| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5834| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5835| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5836| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5837| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5838| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5839| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5840| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5841| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5842| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5843| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5844| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5845| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5846| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5847| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5848| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5849| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5850| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5851| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5852| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5853| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5854| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5855| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5856| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5857| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5858| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5859| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5860| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5861| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5862| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5863| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5864| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5865| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5866| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5867| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5868| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5869| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5870| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5871| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5872| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5873| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5874| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5875| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5876| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5877| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5878| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5879| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5880| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5881| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5882| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5883| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5884| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5885| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5886| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5887| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5888| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5889| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5890| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5891| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5892| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
5893| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
5894| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
5895| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
5896| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
5897| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
5898| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
5899| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
5900| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
5901| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
5902| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
5903| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
5904| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
5905| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
5906| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
5907| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
5908| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
5909| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
5910| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
5911| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
5912| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
5913| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
5914| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
5915| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
5916| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
5917| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
5918| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
5919| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
5920| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
5921| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
5922| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
5923| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
5924| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
5925| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
5926| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
5927| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
5928| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
5929| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
5930| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
5931| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
5932| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
5933| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
5934| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
5935| [100447] Apache2Triad Multiple Security Vulnerabilities
5936| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
5937| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
5938| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
5939| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
5940| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
5941| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
5942| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
5943| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
5944| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
5945| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
5946| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
5947| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
5948| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
5949| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
5950| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
5951| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
5952| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
5953| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
5954| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
5955| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
5956| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
5957| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
5958| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
5959| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
5960| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
5961| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
5962| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
5963| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
5964| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
5965| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
5966| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
5967| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
5968| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
5969| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
5970| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
5971| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
5972| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
5973| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
5974| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
5975| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5976| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5977| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5978| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5979| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5980| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5981| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5982| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5983| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5984| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5985| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5986| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5987| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5988| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5989| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5990| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5991| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5992| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5993| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5994| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5995| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5996| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5997| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5998| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5999| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
6000| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
6001| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
6002| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
6003| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
6004| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
6005| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
6006| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
6007| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
6008| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
6009| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
6010| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
6011| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
6012| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
6013| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
6014| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
6015| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
6016| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
6017| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
6018| [95675] Apache Struts Remote Code Execution Vulnerability
6019| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
6020| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
6021| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
6022| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
6023| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
6024| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
6025| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
6026| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
6027| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
6028| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
6029| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
6030| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
6031| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
6032| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
6033| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
6034| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
6035| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
6036| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
6037| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
6038| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
6039| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
6040| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
6041| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
6042| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
6043| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
6044| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
6045| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
6046| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
6047| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
6048| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
6049| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
6050| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
6051| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
6052| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
6053| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
6054| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
6055| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
6056| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
6057| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
6058| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
6059| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
6060| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
6061| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
6062| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
6063| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
6064| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
6065| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
6066| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
6067| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
6068| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
6069| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
6070| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
6071| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
6072| [91736] Apache XML-RPC Multiple Security Vulnerabilities
6073| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
6074| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
6075| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
6076| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
6077| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
6078| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
6079| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
6080| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
6081| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
6082| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
6083| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
6084| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
6085| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
6086| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
6087| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
6088| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
6089| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
6090| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
6091| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
6092| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
6093| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
6094| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
6095| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
6526| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
6527| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
6528| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
6529| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
6530| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
6531| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
6532| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
6533| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
6534| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
6535| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
6536| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
6537| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
6538| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
6539| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
6540| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
6541| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
6542| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
6543| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
6544| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
6545| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
6546| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
6547| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
6548| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
6549| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
6550| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
6551| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
6552| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6553| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
6554| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
6555| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
6556| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
6557| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
6558| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
6559| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
6560| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
6561| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
6562| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
6563| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
6564| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
6565| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
6566| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6567| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
6568| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
6569| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
6570| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
6571| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
6572| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
6573| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
6574| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
6575| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
6576| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
6577| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6578| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
6579| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
6580| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
6581| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
6582| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
6583| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
6584| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
6585| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
6586| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
6587| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6588| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
6589| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6590| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
6591| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
6592| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
6593| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
6594| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
6595| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6596| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
6597| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
6598| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
6599| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
6600| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
6601| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
6602| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
6603| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
6604| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
6605| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
6606| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
6607| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
6608| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
6609| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
6610| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
6611| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
6612| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
6613| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
6614| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
6615| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
6616| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
6617| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
6618| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
6619| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6620| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
6621| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
6622| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
6623| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
6624| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
6625| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
6626| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
6627| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
6628| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
6629| [20527] Apache Mod_TCL Remote Format String Vulnerability
6630| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
6631| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
6632| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
6633| [19106] Apache Tomcat Information Disclosure Vulnerability
6634| [18138] Apache James SMTP Denial Of Service Vulnerability
6635| [17342] Apache Struts Multiple Remote Vulnerabilities
6636| [17095] Apache Log4Net Denial Of Service Vulnerability
6637| [16916] Apache mod_python FileSession Code Execution Vulnerability
6638| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
6639| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
6640| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
6641| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
6642| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
6643| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
6644| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
6645| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
6646| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
6647| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
6648| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
6649| [15177] PHP Apache 2 Local Denial of Service Vulnerability
6650| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
6651| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
6652| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
6653| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
6654| [14106] Apache HTTP Request Smuggling Vulnerability
6655| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
6656| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
6657| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
6658| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
6659| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
6660| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
6661| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
6662| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
6663| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
6664| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
6665| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
6666| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
6667| [11471] Apache mod_include Local Buffer Overflow Vulnerability
6668| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
6669| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
6670| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
6671| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
6672| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6673| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
6674| [11094] Apache mod_ssl Denial Of Service Vulnerability
6675| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
6676| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
6677| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
6678| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
6679| [10478] ClueCentral Apache Suexec Patch Security Weakness
6680| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
6681| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
6682| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
6683| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
6684| [9921] Apache Connection Blocking Denial Of Service Vulnerability
6685| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
6686| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
6687| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
6688| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
6689| [9733] Apache Cygwin Directory Traversal Vulnerability
6690| [9599] Apache mod_php Global Variables Information Disclosure Weakness
6691| [9590] Apache-SSL Client Certificate Forging Vulnerability
6692| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
6693| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
6694| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
6695| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
6696| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
6697| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
6698| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
6699| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
6700| [8898] Red Hat Apache Directory Index Default Configuration Error
6701| [8883] Apache Cocoon Directory Traversal Vulnerability
6702| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
6703| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
6704| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
6705| [8707] Apache htpasswd Password Entropy Weakness
6706| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
6707| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
6708| [8226] Apache HTTP Server Multiple Vulnerabilities
6709| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
6710| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
6711| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
6712| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
6713| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
6714| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
6715| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
6716| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
6717| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
6718| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
6719| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
6720| [7255] Apache Web Server File Descriptor Leakage Vulnerability
6721| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6722| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
6723| [6939] Apache Web Server ETag Header Information Disclosure Weakness
6724| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
6725| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
6726| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
6727| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
6728| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
6729| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
6730| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
6731| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
6732| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
6733| [6117] Apache mod_php File Descriptor Leakage Vulnerability
6734| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
6735| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
6736| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
6737| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
6738| [5992] Apache HTDigest Insecure Temporary File Vulnerability
6739| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
6740| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
6741| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
6742| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
6743| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
6744| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6745| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
6746| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
6747| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
6748| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
6749| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6750| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
6751| [5485] Apache 2.0 Path Disclosure Vulnerability
6752| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6753| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
6754| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
6755| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
6756| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
6757| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
6758| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
6759| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
6760| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
6761| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
6762| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
6763| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
6764| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
6765| [4437] Apache Error Message Cross-Site Scripting Vulnerability
6766| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
6767| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
6768| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
6769| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
6770| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
6771| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
6772| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
6773| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
6774| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
6775| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
6776| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
6777| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
6778| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
6779| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
6780| [3596] Apache Split-Logfile File Append Vulnerability
6781| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
6782| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
6783| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
6784| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
6785| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
6786| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
6787| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
6788| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
6789| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
6790| [3169] Apache Server Address Disclosure Vulnerability
6791| [3009] Apache Possible Directory Index Disclosure Vulnerability
6792| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
6793| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
6794| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
6795| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
6796| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
6797| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
6798| [2216] Apache Web Server DoS Vulnerability
6799| [2182] Apache /tmp File Race Vulnerability
6800| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
6801| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
6802| [1821] Apache mod_cookies Buffer Overflow Vulnerability
6803| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
6804| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
6805| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
6806| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
6807| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
6808| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
6809| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
6810| [1457] Apache::ASP source.asp Example Script Vulnerability
6811| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
6812| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
6813|
6814| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6815| [86258] Apache CloudStack text fields cross-site scripting
6816| [85983] Apache Subversion mod_dav_svn module denial of service
6817| [85875] Apache OFBiz UEL code execution
6818| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
6819| [85871] Apache HTTP Server mod_session_dbd unspecified
6820| [85756] Apache Struts OGNL expression command execution
6821| [85755] Apache Struts DefaultActionMapper class open redirect
6822| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
6823| [85574] Apache HTTP Server mod_dav denial of service
6824| [85573] Apache Struts Showcase App OGNL code execution
6825| [85496] Apache CXF denial of service
6826| [85423] Apache Geronimo RMI classloader code execution
6827| [85326] Apache Santuario XML Security for C++ buffer overflow
6828| [85323] Apache Santuario XML Security for Java spoofing
6829| [85319] Apache Qpid Python client SSL spoofing
6830| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
6831| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
6832| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
6833| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
6834| [84952] Apache Tomcat CVE-2012-3544 denial of service
6835| [84763] Apache Struts CVE-2013-2135 security bypass
6836| [84762] Apache Struts CVE-2013-2134 security bypass
6837| [84719] Apache Subversion CVE-2013-2088 command execution
6838| [84718] Apache Subversion CVE-2013-2112 denial of service
6839| [84717] Apache Subversion CVE-2013-1968 denial of service
6840| [84577] Apache Tomcat security bypass
6841| [84576] Apache Tomcat symlink
6842| [84543] Apache Struts CVE-2013-2115 security bypass
6843| [84542] Apache Struts CVE-2013-1966 security bypass
6844| [84154] Apache Tomcat session hijacking
6845| [84144] Apache Tomcat denial of service
6846| [84143] Apache Tomcat information disclosure
6847| [84111] Apache HTTP Server command execution
6848| [84043] Apache Virtual Computing Lab cross-site scripting
6849| [84042] Apache Virtual Computing Lab cross-site scripting
6850| [83782] Apache CloudStack information disclosure
6851| [83781] Apache CloudStack security bypass
6852| [83720] Apache ActiveMQ cross-site scripting
6853| [83719] Apache ActiveMQ denial of service
6854| [83718] Apache ActiveMQ denial of service
6855| [83263] Apache Subversion denial of service
6856| [83262] Apache Subversion denial of service
6857| [83261] Apache Subversion denial of service
6858| [83259] Apache Subversion denial of service
6859| [83035] Apache mod_ruid2 security bypass
6860| [82852] Apache Qpid federation_tag security bypass
6861| [82851] Apache Qpid qpid::framing::Buffer denial of service
6862| [82758] Apache Rave User RPC API information disclosure
6863| [82663] Apache Subversion svn_fs_file_length() denial of service
6864| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
6865| [82641] Apache Qpid AMQP denial of service
6866| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
6867| [82618] Apache Commons FileUpload symlink
6868| [82360] Apache HTTP Server manager interface cross-site scripting
6869| [82359] Apache HTTP Server hostnames cross-site scripting
6870| [82338] Apache Tomcat log/logdir information disclosure
6871| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
6872| [82268] Apache OpenJPA deserialization command execution
6873| [81981] Apache CXF UsernameTokens security bypass
6874| [81980] Apache CXF WS-Security security bypass
6875| [81398] Apache OFBiz cross-site scripting
6876| [81240] Apache CouchDB directory traversal
6877| [81226] Apache CouchDB JSONP code execution
6878| [81225] Apache CouchDB Futon user interface cross-site scripting
6879| [81211] Apache Axis2/C SSL spoofing
6880| [81167] Apache CloudStack DeployVM information disclosure
6881| [81166] Apache CloudStack AddHost API information disclosure
6882| [81165] Apache CloudStack createSSHKeyPair API information disclosure
6883| [80518] Apache Tomcat cross-site request forgery security bypass
6884| [80517] Apache Tomcat FormAuthenticator security bypass
6885| [80516] Apache Tomcat NIO denial of service
6886| [80408] Apache Tomcat replay-countermeasure security bypass
6887| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
6888| [80317] Apache Tomcat slowloris denial of service
6889| [79984] Apache Commons HttpClient SSL spoofing
6890| [79983] Apache CXF SSL spoofing
6891| [79830] Apache Axis2/Java SSL spoofing
6892| [79829] Apache Axis SSL spoofing
6893| [79809] Apache Tomcat DIGEST security bypass
6894| [79806] Apache Tomcat parseHeaders() denial of service
6895| [79540] Apache OFBiz unspecified
6896| [79487] Apache Axis2 SAML security bypass
6897| [79212] Apache Cloudstack code execution
6898| [78734] Apache CXF SOAP Action security bypass
6899| [78730] Apache Qpid broker denial of service
6900| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
6901| [78563] Apache mod_pagespeed module unspecified cross-site scripting
6902| [78562] Apache mod_pagespeed module security bypass
6903| [78454] Apache Axis2 security bypass
6904| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
6905| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
6906| [78321] Apache Wicket unspecified cross-site scripting
6907| [78183] Apache Struts parameters denial of service
6908| [78182] Apache Struts cross-site request forgery
6909| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
6910| [77987] mod_rpaf module for Apache denial of service
6911| [77958] Apache Struts skill name code execution
6912| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
6913| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
6914| [77568] Apache Qpid broker security bypass
6915| [77421] Apache Libcloud spoofing
6916| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
6917| [77046] Oracle Solaris Apache HTTP Server information disclosure
6918| [76837] Apache Hadoop information disclosure
6919| [76802] Apache Sling CopyFrom denial of service
6920| [76692] Apache Hadoop symlink
6921| [76535] Apache Roller console cross-site request forgery
6922| [76534] Apache Roller weblog cross-site scripting
6923| [76152] Apache CXF elements security bypass
6924| [76151] Apache CXF child policies security bypass
6925| [75983] MapServer for Windows Apache file include
6926| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
6927| [75558] Apache POI denial of service
6928| [75545] PHP apache_request_headers() buffer overflow
6929| [75302] Apache Qpid SASL security bypass
6930| [75211] Debian GNU/Linux apache 2 cross-site scripting
6931| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
6932| [74871] Apache OFBiz FlexibleStringExpander code execution
6933| [74870] Apache OFBiz multiple cross-site scripting
6934| [74750] Apache Hadoop unspecified spoofing
6935| [74319] Apache Struts XSLTResult.java file upload
6936| [74313] Apache Traffic Server header buffer overflow
6937| [74276] Apache Wicket directory traversal
6938| [74273] Apache Wicket unspecified cross-site scripting
6939| [74181] Apache HTTP Server mod_fcgid module denial of service
6940| [73690] Apache Struts OGNL code execution
6941| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
6942| [73100] Apache MyFaces in directory traversal
6943| [73096] Apache APR hash denial of service
6944| [73052] Apache Struts name cross-site scripting
6945| [73030] Apache CXF UsernameToken security bypass
6946| [72888] Apache Struts lastName cross-site scripting
6947| [72758] Apache HTTP Server httpOnly information disclosure
6948| [72757] Apache HTTP Server MPM denial of service
6949| [72585] Apache Struts ParameterInterceptor security bypass
6950| [72438] Apache Tomcat Digest security bypass
6951| [72437] Apache Tomcat Digest security bypass
6952| [72436] Apache Tomcat DIGEST security bypass
6953| [72425] Apache Tomcat parameter denial of service
6954| [72422] Apache Tomcat request object information disclosure
6955| [72377] Apache HTTP Server scoreboard security bypass
6956| [72345] Apache HTTP Server HTTP request denial of service
6957| [72229] Apache Struts ExceptionDelegator command execution
6958| [72089] Apache Struts ParameterInterceptor directory traversal
6959| [72088] Apache Struts CookieInterceptor command execution
6960| [72047] Apache Geronimo hash denial of service
6961| [72016] Apache Tomcat hash denial of service
6962| [71711] Apache Struts OGNL expression code execution
6963| [71654] Apache Struts interfaces security bypass
6964| [71620] Apache ActiveMQ failover denial of service
6965| [71617] Apache HTTP Server mod_proxy module information disclosure
6966| [71508] Apache MyFaces EL security bypass
6967| [71445] Apache HTTP Server mod_proxy security bypass
6968| [71203] Apache Tomcat servlets privilege escalation
6969| [71181] Apache HTTP Server ap_pregsub() denial of service
6970| [71093] Apache HTTP Server ap_pregsub() buffer overflow
6971| [70336] Apache HTTP Server mod_proxy information disclosure
6972| [69804] Apache HTTP Server mod_proxy_ajp denial of service
6973| [69472] Apache Tomcat AJP security bypass
6974| [69396] Apache HTTP Server ByteRange filter denial of service
6975| [69394] Apache Wicket multi window support cross-site scripting
6976| [69176] Apache Tomcat XML information disclosure
6977| [69161] Apache Tomcat jsvc information disclosure
6978| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
6979| [68541] Apache Tomcat sendfile information disclosure
6980| [68420] Apache XML Security denial of service
6981| [68238] Apache Tomcat JMX information disclosure
6982| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
6983| [67804] Apache Subversion control rules information disclosure
6984| [67803] Apache Subversion control rules denial of service
6985| [67802] Apache Subversion baselined denial of service
6986| [67672] Apache Archiva multiple cross-site scripting
6987| [67671] Apache Archiva multiple cross-site request forgery
6988| [67564] Apache APR apr_fnmatch() denial of service
6989| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
6990| [67515] Apache Tomcat annotations security bypass
6991| [67480] Apache Struts s:submit information disclosure
6992| [67414] Apache APR apr_fnmatch() denial of service
6993| [67356] Apache Struts javatemplates cross-site scripting
6994| [67354] Apache Struts Xwork cross-site scripting
6995| [66676] Apache Tomcat HTTP BIO information disclosure
6996| [66675] Apache Tomcat web.xml security bypass
6997| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
6998| [66241] Apache HttpComponents information disclosure
6999| [66154] Apache Tomcat ServletSecurity security bypass
7000| [65971] Apache Tomcat ServletSecurity security bypass
7001| [65876] Apache Subversion mod_dav_svn denial of service
7002| [65343] Apache Continuum unspecified cross-site scripting
7003| [65162] Apache Tomcat NIO connector denial of service
7004| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
7005| [65160] Apache Tomcat HTML Manager interface cross-site scripting
7006| [65159] Apache Tomcat ServletContect security bypass
7007| [65050] Apache CouchDB web-based administration UI cross-site scripting
7008| [64773] Oracle HTTP Server Apache Plugin unauthorized access
7009| [64473] Apache Subversion blame -g denial of service
7010| [64472] Apache Subversion walk() denial of service
7011| [64407] Apache Axis2 CVE-2010-0219 code execution
7012| [63926] Apache Archiva password privilege escalation
7013| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
7014| [63493] Apache Archiva credentials cross-site request forgery
7015| [63477] Apache Tomcat HttpOnly session hijacking
7016| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
7017| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
7018| [62959] Apache Shiro filters security bypass
7019| [62790] Apache Perl cgi module denial of service
7020| [62576] Apache Qpid exchange denial of service
7021| [62575] Apache Qpid AMQP denial of service
7022| [62354] Apache Qpid SSL denial of service
7023| [62235] Apache APR-util apr_brigade_split_line() denial of service
7024| [62181] Apache XML-RPC SAX Parser information disclosure
7025| [61721] Apache Traffic Server cache poisoning
7026| [61202] Apache Derby BUILTIN authentication functionality information disclosure
7027| [61186] Apache CouchDB Futon cross-site request forgery
7028| [61169] Apache CXF DTD denial of service
7029| [61070] Apache Jackrabbit search.jsp SQL injection
7030| [61006] Apache SLMS Quoting cross-site request forgery
7031| [60962] Apache Tomcat time cross-site scripting
7032| [60883] Apache mod_proxy_http information disclosure
7033| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
7034| [60264] Apache Tomcat Transfer-Encoding denial of service
7035| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
7036| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
7037| [59413] Apache mod_proxy_http timeout information disclosure
7038| [59058] Apache MyFaces unencrypted view state cross-site scripting
7039| [58827] Apache Axis2 xsd file include
7040| [58790] Apache Axis2 modules cross-site scripting
7041| [58299] Apache ActiveMQ queueBrowse cross-site scripting
7042| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
7043| [58056] Apache ActiveMQ .jsp source code disclosure
7044| [58055] Apache Tomcat realm name information disclosure
7045| [58046] Apache HTTP Server mod_auth_shadow security bypass
7046| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
7047| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
7048| [57429] Apache CouchDB algorithms information disclosure
7049| [57398] Apache ActiveMQ Web console cross-site request forgery
7050| [57397] Apache ActiveMQ createDestination.action cross-site scripting
7051| [56653] Apache HTTP Server DNS spoofing
7052| [56652] Apache HTTP Server DNS cross-site scripting
7053| [56625] Apache HTTP Server request header information disclosure
7054| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
7055| [56623] Apache HTTP Server mod_proxy_ajp denial of service
7056| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
7057| [55857] Apache Tomcat WAR files directory traversal
7058| [55856] Apache Tomcat autoDeploy attribute security bypass
7059| [55855] Apache Tomcat WAR directory traversal
7060| [55210] Intuit component for Joomla! Apache information disclosure
7061| [54533] Apache Tomcat 404 error page cross-site scripting
7062| [54182] Apache Tomcat admin default password
7063| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
7064| [53666] Apache HTTP Server Solaris pollset support denial of service
7065| [53650] Apache HTTP Server HTTP basic-auth module security bypass
7066| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
7067| [53041] mod_proxy_ftp module for Apache denial of service
7068| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
7069| [51953] Apache Tomcat Path Disclosure
7070| [51952] Apache Tomcat Path Traversal
7071| [51951] Apache stronghold-status Information Disclosure
7072| [51950] Apache stronghold-info Information Disclosure
7073| [51949] Apache PHP Source Code Disclosure
7074| [51948] Apache Multiviews Attack
7075| [51946] Apache JServ Environment Status Information Disclosure
7076| [51945] Apache error_log Information Disclosure
7077| [51944] Apache Default Installation Page Pattern Found
7078| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
7079| [51942] Apache AXIS XML External Entity File Retrieval
7080| [51941] Apache AXIS Sample Servlet Information Leak
7081| [51940] Apache access_log Information Disclosure
7082| [51626] Apache mod_deflate denial of service
7083| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
7084| [51365] Apache Tomcat RequestDispatcher security bypass
7085| [51273] Apache HTTP Server Incomplete Request denial of service
7086| [51195] Apache Tomcat XML information disclosure
7087| [50994] Apache APR-util xml/apr_xml.c denial of service
7088| [50993] Apache APR-util apr_brigade_vprintf denial of service
7089| [50964] Apache APR-util apr_strmatch_precompile() denial of service
7090| [50930] Apache Tomcat j_security_check information disclosure
7091| [50928] Apache Tomcat AJP denial of service
7092| [50884] Apache HTTP Server XML ENTITY denial of service
7093| [50808] Apache HTTP Server AllowOverride privilege escalation
7094| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
7095| [50059] Apache mod_proxy_ajp information disclosure
7096| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
7097| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
7098| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
7099| [49921] Apache ActiveMQ Web interface cross-site scripting
7100| [49898] Apache Geronimo Services/Repository directory traversal
7101| [49725] Apache Tomcat mod_jk module information disclosure
7102| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
7103| [49712] Apache Struts unspecified cross-site scripting
7104| [49213] Apache Tomcat cal2.jsp cross-site scripting
7105| [48934] Apache Tomcat POST doRead method information disclosure
7106| [48211] Apache Tomcat header HTTP request smuggling
7107| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
7108| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
7109| [47709] Apache Roller "
7110| [47104] Novell Netware ApacheAdmin console security bypass
7111| [47086] Apache HTTP Server OS fingerprinting unspecified
7112| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
7113| [45791] Apache Tomcat RemoteFilterValve security bypass
7114| [44435] Oracle WebLogic Apache Connector buffer overflow
7115| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
7116| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
7117| [44156] Apache Tomcat RequestDispatcher directory traversal
7118| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
7119| [43885] Oracle WebLogic Server Apache Connector buffer overflow
7120| [42987] Apache HTTP Server mod_proxy module denial of service
7121| [42915] Apache Tomcat JSP files path disclosure
7122| [42914] Apache Tomcat MS-DOS path disclosure
7123| [42892] Apache Tomcat unspecified unauthorized access
7124| [42816] Apache Tomcat Host Manager cross-site scripting
7125| [42303] Apache 403 error cross-site scripting
7126| [41618] Apache-SSL ExpandCert() authentication bypass
7127| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
7128| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
7129| [40614] Apache mod_jk2 HTTP Host header buffer overflow
7130| [40562] Apache Geronimo init information disclosure
7131| [40478] Novell Web Manager webadmin-apache.conf security bypass
7132| [40411] Apache Tomcat exception handling information disclosure
7133| [40409] Apache Tomcat native (APR based) connector weak security
7134| [40403] Apache Tomcat quotes and %5C cookie information disclosure
7135| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
7136| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
7137| [39867] Apache HTTP Server mod_negotiation cross-site scripting
7138| [39804] Apache Tomcat SingleSignOn information disclosure
7139| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
7140| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
7141| [39608] Apache HTTP Server balancer manager cross-site request forgery
7142| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
7143| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
7144| [39472] Apache HTTP Server mod_status cross-site scripting
7145| [39201] Apache Tomcat JULI logging weak security
7146| [39158] Apache HTTP Server Windows SMB shares information disclosure
7147| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
7148| [38951] Apache::AuthCAS Perl module cookie SQL injection
7149| [38800] Apache HTTP Server 413 error page cross-site scripting
7150| [38211] Apache Geronimo SQLLoginModule authentication bypass
7151| [37243] Apache Tomcat WebDAV directory traversal
7152| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
7153| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
7154| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
7155| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
7156| [36782] Apache Geronimo MEJB unauthorized access
7157| [36586] Apache HTTP Server UTF-7 cross-site scripting
7158| [36468] Apache Geronimo LoginModule security bypass
7159| [36467] Apache Tomcat functions.jsp cross-site scripting
7160| [36402] Apache Tomcat calendar cross-site request forgery
7161| [36354] Apache HTTP Server mod_proxy module denial of service
7162| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
7163| [36336] Apache Derby lock table privilege escalation
7164| [36335] Apache Derby schema privilege escalation
7165| [36006] Apache Tomcat "
7166| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
7167| [35999] Apache Tomcat \"
7168| [35795] Apache Tomcat CookieExample cross-site scripting
7169| [35536] Apache Tomcat SendMailServlet example cross-site scripting
7170| [35384] Apache HTTP Server mod_cache module denial of service
7171| [35097] Apache HTTP Server mod_status module cross-site scripting
7172| [35095] Apache HTTP Server Prefork MPM module denial of service
7173| [34984] Apache HTTP Server recall_headers information disclosure
7174| [34966] Apache HTTP Server MPM content spoofing
7175| [34965] Apache HTTP Server MPM information disclosure
7176| [34963] Apache HTTP Server MPM multiple denial of service
7177| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
7178| [34869] Apache Tomcat JSP example Web application cross-site scripting
7179| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
7180| [34496] Apache Tomcat JK Connector security bypass
7181| [34377] Apache Tomcat hello.jsp cross-site scripting
7182| [34212] Apache Tomcat SSL configuration security bypass
7183| [34210] Apache Tomcat Accept-Language cross-site scripting
7184| [34209] Apache Tomcat calendar application cross-site scripting
7185| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
7186| [34167] Apache Axis WSDL file path disclosure
7187| [34068] Apache Tomcat AJP connector information disclosure
7188| [33584] Apache HTTP Server suEXEC privilege escalation
7189| [32988] Apache Tomcat proxy module directory traversal
7190| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
7191| [32708] Debian Apache tty privilege escalation
7192| [32441] ApacheStats extract() PHP call unspecified
7193| [32128] Apache Tomcat default account
7194| [31680] Apache Tomcat RequestParamExample cross-site scripting
7195| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
7196| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
7197| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
7198| [30456] Apache mod_auth_kerb off-by-one buffer overflow
7199| [29550] Apache mod_tcl set_var() format string
7200| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
7201| [28357] Apache HTTP Server mod_alias script source information disclosure
7202| [28063] Apache mod_rewrite off-by-one buffer overflow
7203| [27902] Apache Tomcat URL information disclosure
7204| [26786] Apache James SMTP server denial of service
7205| [25680] libapache2 /tmp/svn file upload
7206| [25614] Apache Struts lookupMap cross-site scripting
7207| [25613] Apache Struts ActionForm denial of service
7208| [25612] Apache Struts isCancelled() security bypass
7209| [24965] Apache mod_python FileSession command execution
7210| [24716] Apache James spooler memory leak denial of service
7211| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
7212| [24158] Apache Geronimo jsp-examples cross-site scripting
7213| [24030] Apache auth_ldap module multiple format strings
7214| [24008] Apache mod_ssl custom error message denial of service
7215| [24003] Apache mod_auth_pgsql module multiple syslog format strings
7216| [23612] Apache mod_imap referer field cross-site scripting
7217| [23173] Apache Struts error message cross-site scripting
7218| [22942] Apache Tomcat directory listing denial of service
7219| [22858] Apache Multi-Processing Module code allows denial of service
7220| [22602] RHSA-2005:582 updates for Apache httpd not installed
7221| [22520] Apache mod-auth-shadow "
7222| [22466] ApacheTop symlink
7223| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
7224| [22006] Apache HTTP Server byte-range filter denial of service
7225| [21567] Apache mod_ssl off-by-one buffer overflow
7226| [21195] Apache HTTP Server header HTTP request smuggling
7227| [20383] Apache HTTP Server htdigest buffer overflow
7228| [19681] Apache Tomcat AJP12 request denial of service
7229| [18993] Apache HTTP server check_forensic symlink attack
7230| [18790] Apache Tomcat Manager cross-site scripting
7231| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
7232| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
7233| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
7234| [17961] Apache Web server ServerTokens has not been set
7235| [17930] Apache HTTP Server HTTP GET request denial of service
7236| [17785] Apache mod_include module buffer overflow
7237| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
7238| [17473] Apache HTTP Server Satisfy directive allows access to resources
7239| [17413] Apache htpasswd buffer overflow
7240| [17384] Apache HTTP Server environment variable configuration file buffer overflow
7241| [17382] Apache HTTP Server IPv6 apr_util denial of service
7242| [17366] Apache HTTP Server mod_dav module LOCK denial of service
7243| [17273] Apache HTTP Server speculative mode denial of service
7244| [17200] Apache HTTP Server mod_ssl denial of service
7245| [16890] Apache HTTP Server server-info request has been detected
7246| [16889] Apache HTTP Server server-status request has been detected
7247| [16705] Apache mod_ssl format string attack
7248| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
7249| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
7250| [16230] Apache HTTP Server PHP denial of service
7251| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
7252| [15958] Apache HTTP Server authentication modules memory corruption
7253| [15547] Apache HTTP Server mod_disk_cache local information disclosure
7254| [15540] Apache HTTP Server socket starvation denial of service
7255| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
7256| [15422] Apache HTTP Server mod_access information disclosure
7257| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
7258| [15293] Apache for Cygwin "
7259| [15065] Apache-SSL has a default password
7260| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
7261| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
7262| [14751] Apache Mod_python output filter information disclosure
7263| [14125] Apache HTTP Server mod_userdir module information disclosure
7264| [14075] Apache HTTP Server mod_php file descriptor leak
7265| [13703] Apache HTTP Server account
7266| [13689] Apache HTTP Server configuration allows symlinks
7267| [13688] Apache HTTP Server configuration allows SSI
7268| [13687] Apache HTTP Server Server: header value
7269| [13685] Apache HTTP Server ServerTokens value
7270| [13684] Apache HTTP Server ServerSignature value
7271| [13672] Apache HTTP Server config allows directory autoindexing
7272| [13671] Apache HTTP Server default content
7273| [13670] Apache HTTP Server config file directive references outside content root
7274| [13668] Apache HTTP Server httpd not running in chroot environment
7275| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
7276| [13664] Apache HTTP Server config file contains ScriptAlias entry
7277| [13663] Apache HTTP Server CGI support modules loaded
7278| [13661] Apache HTTP Server config file contains AddHandler entry
7279| [13660] Apache HTTP Server 500 error page not CGI script
7280| [13659] Apache HTTP Server 413 error page not CGI script
7281| [13658] Apache HTTP Server 403 error page not CGI script
7282| [13657] Apache HTTP Server 401 error page not CGI script
7283| [13552] Apache HTTP Server mod_cgid module information disclosure
7284| [13550] Apache GET request directory traversal
7285| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
7286| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
7287| [13429] Apache Tomcat non-HTTP request denial of service
7288| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
7289| [13295] Apache weak password encryption
7290| [13254] Apache Tomcat .jsp cross-site scripting
7291| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
7292| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
7293| [12681] Apache HTTP Server mod_proxy could allow mail relaying
7294| [12662] Apache HTTP Server rotatelogs denial of service
7295| [12554] Apache Tomcat stores password in plain text
7296| [12553] Apache HTTP Server redirects and subrequests denial of service
7297| [12552] Apache HTTP Server FTP proxy server denial of service
7298| [12551] Apache HTTP Server prefork MPM denial of service
7299| [12550] Apache HTTP Server weaker than expected encryption
7300| [12549] Apache HTTP Server type-map file denial of service
7301| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
7302| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
7303| [12091] Apache HTTP Server apr_password_validate denial of service
7304| [12090] Apache HTTP Server apr_psprintf code execution
7305| [11804] Apache HTTP Server mod_access_referer denial of service
7306| [11750] Apache HTTP Server could leak sensitive file descriptors
7307| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
7308| [11703] Apache long slash path allows directory listing
7309| [11695] Apache HTTP Server LF (Line Feed) denial of service
7310| [11694] Apache HTTP Server filestat.c denial of service
7311| [11438] Apache HTTP Server MIME message boundaries information disclosure
7312| [11412] Apache HTTP Server error log terminal escape sequence injection
7313| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
7314| [11195] Apache Tomcat web.xml could be used to read files
7315| [11194] Apache Tomcat URL appended with a null character could list directories
7316| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
7317| [11126] Apache HTTP Server illegal character file disclosure
7318| [11125] Apache HTTP Server DOS device name HTTP POST code execution
7319| [11124] Apache HTTP Server DOS device name denial of service
7320| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
7321| [10938] Apache HTTP Server printenv test CGI cross-site scripting
7322| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
7323| [10575] Apache mod_php module could allow an attacker to take over the httpd process
7324| [10499] Apache HTTP Server WebDAV HTTP POST view source
7325| [10457] Apache HTTP Server mod_ssl "
7326| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
7327| [10414] Apache HTTP Server htdigest multiple buffer overflows
7328| [10413] Apache HTTP Server htdigest temporary file race condition
7329| [10412] Apache HTTP Server htpasswd temporary file race condition
7330| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
7331| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
7332| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
7333| [10280] Apache HTTP Server shared memory scorecard overwrite
7334| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
7335| [10241] Apache HTTP Server Host: header cross-site scripting
7336| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
7337| [10208] Apache HTTP Server mod_dav denial of service
7338| [10206] HP VVOS Apache mod_ssl denial of service
7339| [10200] Apache HTTP Server stderr denial of service
7340| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
7341| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
7342| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
7343| [10098] Slapper worm targets OpenSSL/Apache systems
7344| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
7345| [9875] Apache HTTP Server .var file request could disclose installation path
7346| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
7347| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
7348| [9623] Apache HTTP Server ap_log_rerror() path disclosure
7349| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
7350| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
7351| [9396] Apache Tomcat null character to threads denial of service
7352| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
7353| [9249] Apache HTTP Server chunked encoding heap buffer overflow
7354| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
7355| [8932] Apache Tomcat example class information disclosure
7356| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
7357| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
7358| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
7359| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
7360| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
7361| [8400] Apache HTTP Server mod_frontpage buffer overflows
7362| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
7363| [8308] Apache "
7364| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
7365| [8119] Apache and PHP OPTIONS request reveals "
7366| [8054] Apache is running on the system
7367| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
7368| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
7369| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
7370| [7836] Apache HTTP Server log directory denial of service
7371| [7815] Apache for Windows "
7372| [7810] Apache HTTP request could result in unexpected behavior
7373| [7599] Apache Tomcat reveals installation path
7374| [7494] Apache "
7375| [7419] Apache Web Server could allow remote attackers to overwrite .log files
7376| [7363] Apache Web Server hidden HTTP requests
7377| [7249] Apache mod_proxy denial of service
7378| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
7379| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
7380| [7059] Apache "
7381| [7057] Apache "
7382| [7056] Apache "
7383| [7055] Apache "
7384| [7054] Apache "
7385| [6997] Apache Jakarta Tomcat error message may reveal information
7386| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
7387| [6970] Apache crafted HTTP request could reveal the internal IP address
7388| [6921] Apache long slash path allows directory listing
7389| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
7390| [6527] Apache Web Server for Windows and OS2 denial of service
7391| [6316] Apache Jakarta Tomcat may reveal JSP source code
7392| [6305] Apache Jakarta Tomcat directory traversal
7393| [5926] Linux Apache symbolic link
7394| [5659] Apache Web server discloses files when used with php script
7395| [5310] Apache mod_rewrite allows attacker to view arbitrary files
7396| [5204] Apache WebDAV directory listings
7397| [5197] Apache Web server reveals CGI script source code
7398| [5160] Apache Jakarta Tomcat default installation
7399| [5099] Trustix Secure Linux installs Apache with world writable access
7400| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
7401| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
7402| [4931] Apache source.asp example file allows users to write to files
7403| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
7404| [4205] Apache Jakarta Tomcat delivers file contents
7405| [2084] Apache on Debian by default serves the /usr/doc directory
7406| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
7407| [697] Apache HTTP server beck exploit
7408| [331] Apache cookies buffer overflow
7409|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
7914| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
7915| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
7916| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7917| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
7918| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7919| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7920| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
7921| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
7922| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
7923| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
7924| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
7925| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
7926| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
7927| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
7928| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
7929| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
7930| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
7931| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
7932| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
7933| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
7934| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
7935| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
7936| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
7937| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
7938| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
7939| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7940| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
7941| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
7942| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
7943| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
7944| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
7945| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
7946| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
7947| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
7948| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
7949| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
7950| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
7951| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
7952| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
7953| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
7954| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
7955| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
7956| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
7957| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
7958| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
7959| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
7960| [1024096] Apache mod_proxy_http May Return Results for a Different Request
7961| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
7962| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
7963| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
7964| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
7965| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
7966| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
7967| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
7968| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
7969| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
7970| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
7971| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
7972| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
7973| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
7974| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7975| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
7976| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
7977| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
7978| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
7979| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
7980| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7981| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
7982| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
7983| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
7984| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
7985| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
7986| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
7987| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
7988| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
7989| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
7990| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
7991| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
7992| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
7993| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
7994| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
7995| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
7996| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
7997| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
7998| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
7999| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
8000| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
8001| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
8002| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
8003| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
8004| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
8005| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
8006| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
8007| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
8008| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
8009| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
8010| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
8011| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
8012| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
8013| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
8014| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
8015| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
8016| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
8017| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
8018| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
8019| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
8020| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
8021| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
8022| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
8023| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
8024| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
8025| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
8026| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
8027| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
8028| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
8029| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
8030| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
8031| [1008920] Apache mod_digest May Validate Replayed Client Responses
8032| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
8033| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
8034| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
8035| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
8036| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
8037| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
8038| [1008030] Apache mod_rewrite Contains a Buffer Overflow
8039| [1008029] Apache mod_alias Contains a Buffer Overflow
8040| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
8041| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
8042| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
8043| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
8044| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
8045| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
8046| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
8047| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
8048| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
8049| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
8050| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
8051| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
8052| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
8053| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
8054| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
8055| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
8056| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
8057| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
8058| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
8059| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
8060| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
8061| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
8062| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
8063| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
8064| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
8065| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
8066| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
8067| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
8068| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
8069| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
8070| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
8071| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
8072| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
8073| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
8074| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
8075| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
8076| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
8077| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
8078| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8079| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8080| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
8081| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
8082| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
8083| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
8084| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
8085| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
8086| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
8087| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
8088| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
8089| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
8090| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
8091| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
8092| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
8093| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
8094| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
8095| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
8096|
8097| OSVDB - http://www.osvdb.org:
8098| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
8099| [96077] Apache CloudStack Global Settings Multiple Field XSS
8100| [96076] Apache CloudStack Instances Menu Display Name Field XSS
8101| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
8102| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
8103| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
8104| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
8105| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
8106| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
8107| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
8108| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
8109| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
8110| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8111| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
8112| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
8113| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
8114| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
8115| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8116| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
8117| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
8118| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
8119| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
8120| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
8121| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
8122| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
8123| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
8124| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
8125| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
8126| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
8127| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
8128| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
8129| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
8130| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
8131| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
8132| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
8133| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
8134| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
8135| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
8136| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
8137| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
8138| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
8139| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
8140| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
8141| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
8142| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
8143| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
8144| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
8145| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
8146| [94279] Apache Qpid CA Certificate Validation Bypass
8147| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
8148| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
8149| [94042] Apache Axis JAX-WS Java Unspecified Exposure
8150| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
8151| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
8152| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
8153| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
8154| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
8155| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
8156| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
8157| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
8158| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
8159| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
8160| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
8161| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
8162| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
8163| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
8164| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
8165| [93541] Apache Solr json.wrf Callback XSS
8166| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
8167| [93521] Apache jUDDI Security API Token Session Persistence Weakness
8168| [93520] Apache CloudStack Default SSL Key Weakness
8169| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
8170| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
8171| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
8172| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
8173| [93515] Apache HBase table.jsp name Parameter XSS
8174| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
8175| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
8176| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
8177| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
8178| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
8179| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
8180| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
8181| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
8182| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
8183| [93252] Apache Tomcat FORM Authenticator Session Fixation
8184| [93172] Apache Camel camel/endpoints/ Endpoint XSS
8185| [93171] Apache Sling HtmlResponse Error Message XSS
8186| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
8187| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
8188| [93168] Apache Click ErrorReport.java id Parameter XSS
8189| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
8190| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
8191| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
8192| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
8193| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
8194| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
8195| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
8196| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
8197| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
8198| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
8199| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
8200| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
8201| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
8202| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
8203| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
8204| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
8205| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
8206| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
8207| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
8208| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
8209| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
8210| [93144] Apache Solr Admin Command Execution CSRF
8211| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
8212| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
8213| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
8214| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
8215| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
8216| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
8217| [92748] Apache CloudStack VM Console Access Restriction Bypass
8218| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
8219| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
8220| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
8221| [92706] Apache ActiveMQ Debug Log Rendering XSS
8222| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
8223| [92270] Apache Tomcat Unspecified CSRF
8224| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
8225| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
8226| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
8227| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
8228| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
8229| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
8230| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
8231| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
8232| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
8233| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
8234| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
8235| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
8236| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
8237| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
8238| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
8239| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
8240| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
8241| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
8242| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
8243| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
8244| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
8245| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
8246| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
8247| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
8248| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
8249| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
8250| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
8251| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
8252| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
8253| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
8254| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
8255| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
8256| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
8257| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
8258| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
8259| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
8260| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
8261| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
8262| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
8263| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
8264| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
8265| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
8266| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
8267| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
8268| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
8269| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
8270| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
8271| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
8272| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
8273| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
8274| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
8275| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
8276| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
8277| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
8278| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
8279| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
8280| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
8281| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
8282| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
8283| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
8284| [86901] Apache Tomcat Error Message Path Disclosure
8285| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
8286| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
8287| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
8288| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
8289| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
8290| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
8291| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
8292| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
8293| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
8294| [85430] Apache mod_pagespeed Module Unspecified XSS
8295| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
8296| [85249] Apache Wicket Unspecified XSS
8297| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
8298| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
8299| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
8300| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
8301| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
8302| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
8303| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
8304| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
8305| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
8306| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
8307| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
8308| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
8309| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
8310| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
8311| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
8312| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
8313| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
8314| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
8315| [83339] Apache Roller Blogger Roll Unspecified XSS
8316| [83270] Apache Roller Unspecified Admin Action CSRF
8317| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
8318| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
8319| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
8320| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
8321| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
8322| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
8323| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
8324| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
8325| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
8326| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
8327| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
8328| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
8329| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
8330| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
8331| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
8332| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
8333| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
8334| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
8335| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
8336| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
8337| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
8338| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
8339| [80300] Apache Wicket wicket:pageMapName Parameter XSS
8340| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
8341| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
8342| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
8343| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
8344| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
8345| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
8346| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
8347| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
8348| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
8349| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
8350| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
8351| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
8352| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
8353| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
8354| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
8355| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
8356| [78331] Apache Tomcat Request Object Recycling Information Disclosure
8357| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
8358| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
8359| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
8360| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
8361| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
8362| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
8363| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
8364| [77593] Apache Struts Conversion Error OGNL Expression Injection
8365| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
8366| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
8367| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
8368| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
8369| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
8370| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
8371| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
8372| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
8373| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
8374| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
8375| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
8376| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
8377| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
8378| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
8379| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
8380| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
8381| [74725] Apache Wicket Multi Window Support Unspecified XSS
8382| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
8383| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
8384| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
8385| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
8386| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
8387| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
8388| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
8389| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
8390| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
8391| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
8392| [73644] Apache XML Security Signature Key Parsing Overflow DoS
8393| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
8394| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
8395| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
8396| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
8397| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
8398| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
8399| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
8400| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
8401| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
8402| [73154] Apache Archiva Multiple Unspecified CSRF
8403| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
8404| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
8405| [72238] Apache Struts Action / Method Names <
8406| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
8407| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
8408| [71557] Apache Tomcat HTML Manager Multiple XSS
8409| [71075] Apache Archiva User Management Page XSS
8410| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
8411| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
8412| [70924] Apache Continuum Multiple Admin Function CSRF
8413| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
8414| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
8415| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
8416| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
8417| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
8418| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
8419| [69520] Apache Archiva Administrator Credential Manipulation CSRF
8420| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
8421| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
8422| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
8423| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
8424| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
8425| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
8426| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
8427| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
8428| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
8429| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
8430| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
8431| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
8432| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
8433| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
8434| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
8435| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
8436| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
8437| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
8438| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
8439| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
8440| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
8441| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
8442| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
8443| [65054] Apache ActiveMQ Jetty Error Handler XSS
8444| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
8445| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
8446| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
8447| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
8448| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
8449| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
8450| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
8451| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
8452| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
8453| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
8454| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
8455| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
8456| [63895] Apache HTTP Server mod_headers Unspecified Issue
8457| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
8458| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
8459| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
8460| [63140] Apache Thrift Service Malformed Data Remote DoS
8461| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
8462| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
8463| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
8464| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
8465| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
8466| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
8467| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
8468| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
8469| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
8470| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
8471| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
8472| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
8473| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
8474| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
8475| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
8476| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
8477| [60678] Apache Roller Comment Email Notification Manipulation DoS
8478| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
8479| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
8480| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
8481| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
8482| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
8483| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
8484| [60232] PHP on Apache php.exe Direct Request Remote DoS
8485| [60176] Apache Tomcat Windows Installer Admin Default Password
8486| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
8487| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
8488| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
8489| [59944] Apache Hadoop jobhistory.jsp XSS
8490| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
8491| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
8492| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
8493| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
8494| [59019] Apache mod_python Cookie Salting Weakness
8495| [59018] Apache Harmony Error Message Handling Overflow
8496| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
8497| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
8498| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
8499| [59010] Apache Solr get-file.jsp XSS
8500| [59009] Apache Solr action.jsp XSS
8501| [59008] Apache Solr analysis.jsp XSS
8502| [59007] Apache Solr schema.jsp Multiple Parameter XSS
8503| [59006] Apache Beehive select / checkbox Tag XSS
8504| [59005] Apache Beehive jpfScopeID Global Parameter XSS
8505| [59004] Apache Beehive Error Message XSS
8506| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
8507| [59002] Apache Jetspeed default-page.psml URI XSS
8508| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
8509| [59000] Apache CXF Unsigned Message Policy Bypass
8510| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
8511| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
8512| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
8513| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
8514| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
8515| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
8516| [58993] Apache Hadoop browseBlock.jsp XSS
8517| [58991] Apache Hadoop browseDirectory.jsp XSS
8518| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
8519| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
8520| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
8521| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
8522| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
8523| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
8524| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
8525| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
8526| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
8527| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
8528| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
8529| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
8530| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
8531| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
8532| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
8533| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
8534| [58974] Apache Sling /apps Script User Session Management Access Weakness
8535| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
8536| [58931] Apache Geronimo Cookie Parameters Validation Weakness
8537| [58930] Apache Xalan-C++ XPath Handling Remote DoS
8538| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
8539| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
8540| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
8541| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
8542| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
8543| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
8544| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
8545| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
8546| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
8547| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
8548| [58805] Apache Derby Unauthenticated Database / Admin Access
8549| [58804] Apache Wicket Header Contribution Unspecified Issue
8550| [58803] Apache Wicket Session Fixation
8551| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
8552| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
9003| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
9004| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
9005| [4231] Apache Cocoon Error Page Server Path Disclosure
9006| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
9007| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
9008| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
9009| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
9010| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
9011| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
9012| [3322] mod_php for Apache HTTP Server Process Hijack
9013| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
9014| [2885] Apache mod_python Malformed Query String DoS
9015| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
9016| [2733] Apache HTTP Server mod_rewrite Local Overflow
9017| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
9018| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
9019| [2149] Apache::Gallery Privilege Escalation
9020| [2107] Apache HTTP Server mod_ssl Host: Header XSS
9021| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
9022| [1833] Apache HTTP Server Multiple Slash GET Request DoS
9023| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
9024| [872] Apache Tomcat Multiple Default Accounts
9025| [862] Apache HTTP Server SSI Error Page XSS
9026| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
9027| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
9028| [845] Apache Tomcat MSDOS Device XSS
9029| [844] Apache Tomcat Java Servlet Error Page XSS
9030| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
9031| [838] Apache HTTP Server Chunked Encoding Remote Overflow
9032| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
9033| [775] Apache mod_python Module Importing Privilege Function Execution
9034| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
9035| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
9036| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
9037| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
9038| [637] Apache HTTP Server UserDir Directive Username Enumeration
9039| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
9040| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
9041| [562] Apache HTTP Server mod_info /server-info Information Disclosure
9042| [561] Apache Web Servers mod_status /server-status Information Disclosure
9043| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
9044| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
9045| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
9046| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
9047| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
9048| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
9049| [376] Apache Tomcat contextAdmin Arbitrary File Access
9050| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
9051| [222] Apache HTTP Server test-cgi Arbitrary File Access
9052| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
9053| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
9054|_
110/tcp open pop3 Dovecot pop3d
9056| vulscan: VulDB - https://vuldb.com:
9057| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
9058| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
9059| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
9060| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
9061| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
9062| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
9063| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
9064| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
9065| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
9066| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
9067| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
9068| [69835] Dovecot 2.2.0/2.2.1 denial of service
9069| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
9070| [65684] Dovecot up to 2.2.6 unknown vulnerability
9071| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
9072| [63692] Dovecot up to 2.0.15 spoofing
9073| [7062] Dovecot 2.1.10 mail-search.c denial of service
9074| [57517] Dovecot up to 2.0.12 Login directory traversal
9075| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
9076| [57515] Dovecot up to 2.0.12 Crash denial of service
9077| [54944] Dovecot up to 1.2.14 denial of service
9078| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
9079| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
9080| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
9081| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
9082| [53277] Dovecot up to 1.2.10 denial of service
9083| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
9084| [45256] Dovecot up to 1.1.5 directory traversal
9085| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
9086| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9087| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9088| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
9089| [40356] Dovecot 1.0.9 Cache unknown vulnerability
9090| [38222] Dovecot 1.0.2 directory traversal
9091| [36376] Dovecot up to 1.0.x directory traversal
9092| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
9093|
9094| MITRE CVE - https://cve.mitre.org:
9095| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
9096| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
9097| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
9098| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
9099| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
9100| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
9101| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
9102| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9103| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9104| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
9105| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
9106| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
9107| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
9108| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
9109| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
9110| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
9111| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
9112| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
9113| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
9114| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
9115| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
9116| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
9117| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
9118| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
9119| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
9120| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
9121| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
9122| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
9123| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
9124| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
9125| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
9126| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
9127| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
9128| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
9129| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
9130| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
9131| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
9132|
9133| SecurityFocus - https://www.securityfocus.com/bid/:
9134| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
9135| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
9136| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
9137| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
9138| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
9139| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
9140| [67306] Dovecot Denial of Service Vulnerability
9141| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
9142| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
9143| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
9144| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
9145| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
9146| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
9147| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
9148| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
9149| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
9150| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
9151| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
9152| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
9153| [39838] tpop3d Remote Denial of Service Vulnerability
9154| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
9155| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
9156| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
9157| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
9158| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
9159| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
9160| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
9161| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
9162| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
9163| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
9164| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
9165| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
9166| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
9167| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
9168| [17961] Dovecot Remote Information Disclosure Vulnerability
9169| [16672] Dovecot Double Free Denial of Service Vulnerability
9170| [8495] akpop3d User Name SQL Injection Vulnerability
9171| [8473] Vpop3d Remote Denial Of Service Vulnerability
9172| [3990] ZPop3D Bad Login Logging Failure Vulnerability
9173| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
9174|
9175| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9176| [86382] Dovecot POP3 Service denial of service
9177| [84396] Dovecot IMAP APPEND denial of service
9178| [80453] Dovecot mail-search.c denial of service
9179| [71354] Dovecot SSL Common Name (CN) weak security
9180| [67675] Dovecot script-login security bypass
9181| [67674] Dovecot script-login directory traversal
9182| [67589] Dovecot header name denial of service
9183| [63267] Apple Mac OS X Dovecot information disclosure
9184| [62340] Dovecot mailbox security bypass
9185| [62339] Dovecot IMAP or POP3 denial of service
9186| [62256] Dovecot mailbox security bypass
9187| [62255] Dovecot ACL entry security bypass
9188| [60639] Dovecot ACL plugin weak security
9189| [57267] Apple Mac OS X Dovecot Kerberos security bypass
9190| [56763] Dovecot header denial of service
9191| [54363] Dovecot base_dir privilege escalation
9192| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
9193| [46323] Dovecot dovecot.conf information disclosure
9194| [46227] Dovecot message parsing denial of service
9195| [45669] Dovecot ACL mailbox security bypass
9196| [45667] Dovecot ACL plugin rights security bypass
9197| [41085] Dovecot TAB characters authentication bypass
9198| [41009] Dovecot mail_extra_groups option unauthorized access
9199| [39342] Dovecot LDAP auth cache configuration security bypass
9200| [35767] Dovecot ACL plugin security bypass
9201| [34082] Dovecot mbox-storage.c directory traversal
9202| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
9203| [26578] Cyrus IMAP pop3d buffer overflow
9204| [26536] Dovecot IMAP LIST information disclosure
9205| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
9206| [24709] Dovecot APPEND command denial of service
9207| [13018] akpop3d authentication code SQL injection
9208| [7345] Slackware Linux imapd and ipop3d core dump
9209| [6269] imap, ipop2d and ipop3d buffer overflows
9210| [5923] Linuxconf vpop3d symbolic link
9211| [4918] IPOP3D, Buffer overflow attack
9212| [1560] IPOP3D, user login successful
9213| [1559] IPOP3D user login to remote host successful
9214| [1525] IPOP3D, user logout
9215| [1524] IPOP3D, user auto-logout
9216| [1523] IPOP3D, user login failure
9217| [1522] IPOP3D, brute force attack
9218| [1521] IPOP3D, user kiss of death logout
9219| [418] pop3d mktemp creates insecure temporary files
9220|
9221| Exploit-DB - https://www.exploit-db.com:
9222| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
9223| [23053] Vpop3d Remote Denial of Service Vulnerability
9224| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
9225| [11893] tPop3d 1.5.3 DoS
9226| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
9227| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
9228| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
9229| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
9230|
9231| OpenVAS (Nessus) - http://www.openvas.org:
9232| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
9233| [901025] Dovecot Version Detection
9234| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
9235| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
9236| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
9237| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
9238| [870607] RedHat Update for dovecot RHSA-2011:0600-01
9239| [870471] RedHat Update for dovecot RHSA-2011:1187-01
9240| [870153] RedHat Update for dovecot RHSA-2008:0297-02
9241| [863272] Fedora Update for dovecot FEDORA-2011-7612
9242| [863115] Fedora Update for dovecot FEDORA-2011-7258
9243| [861525] Fedora Update for dovecot FEDORA-2007-664
9244| [861394] Fedora Update for dovecot FEDORA-2007-493
9245| [861333] Fedora Update for dovecot FEDORA-2007-1485
9246| [860845] Fedora Update for dovecot FEDORA-2008-9202
9247| [860663] Fedora Update for dovecot FEDORA-2008-2475
9248| [860169] Fedora Update for dovecot FEDORA-2008-2464
9249| [860089] Fedora Update for dovecot FEDORA-2008-9232
9250| [840950] Ubuntu Update for dovecot USN-1295-1
9251| [840668] Ubuntu Update for dovecot USN-1143-1
9252| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
9253| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
9254| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
9255| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
9256| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
9257| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
9258| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
9259| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
9260| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
9261| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
9262| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
9263| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
9264| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
9265| [70259] FreeBSD Ports: dovecot
9266| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
9267| [66522] FreeBSD Ports: dovecot
9268| [65010] Ubuntu USN-838-1 (dovecot)
9269| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
9270| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
9271| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
9272| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
9273| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
9274| [62854] FreeBSD Ports: dovecot-managesieve
9275| [61916] FreeBSD Ports: dovecot
9276| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
9277| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
9278| [60528] FreeBSD Ports: dovecot
9279| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
9280| [60089] FreeBSD Ports: dovecot
9281| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
9282| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
9283|
9284| SecurityTracker - https://www.securitytracker.com:
9285| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
9286| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
9287| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
9288|
9289| OSVDB - http://www.osvdb.org:
9290| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
9291| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
9292| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9293| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
9294| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
9295| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
9296| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
9297| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
9298| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
9299| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
9300| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
9301| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
9302| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
9303| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
9304| [66113] Dovecot Mail Root Directory Creation Permission Weakness
9305| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
9306| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
9307| [66110] Dovecot Multiple Unspecified Buffer Overflows
9308| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
9309| [64783] Dovecot E-mail Message Header Unspecified DoS
9310| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
9311| [62796] Dovecot mbox Format Email Header Handling DoS
9312| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
9313| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
9314| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
9315| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
9316| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
9317| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
9318| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
9319| [43137] Dovecot mail_extra_groups Symlink File Manipulation
9320| [42979] Dovecot passdbs Argument Injection Authentication Bypass
9321| [39876] Dovecot LDAP Auth Cache Security Bypass
9322| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
9323| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
9324| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
9325| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
9326| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
9327| [23281] Dovecot imap/pop3-login dovecot-auth DoS
9328| [23280] Dovecot Malformed APPEND Command DoS
9329| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
9330| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
9331| [5857] Linux pop3d Arbitrary Mail File Access
9332| [2471] akpop3d username SQL Injection
9333|_
143/tcp open imap Dovecot imapd
9335| vulscan: VulDB - https://vuldb.com:
9336| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
9337| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
9338| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
9339| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
9340| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
9341| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
9342| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
9343| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
9344| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
9345| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
9346| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
9347| [69835] Dovecot 2.2.0/2.2.1 denial of service
9348| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
9349| [65684] Dovecot up to 2.2.6 unknown vulnerability
9350| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
9351| [63692] Dovecot up to 2.0.15 spoofing
9352| [7062] Dovecot 2.1.10 mail-search.c denial of service
9353| [59792] Cyrus IMAPd 2.4.11 weak authentication
9354| [57517] Dovecot up to 2.0.12 Login directory traversal
9355| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
9356| [57515] Dovecot up to 2.0.12 Crash denial of service
9357| [54944] Dovecot up to 1.2.14 denial of service
9358| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
9359| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
9360| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
9361| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
9362| [53277] Dovecot up to 1.2.10 denial of service
9363| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
9364| [45256] Dovecot up to 1.1.5 directory traversal
9365| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
9366| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9367| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9368| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
9369| [40356] Dovecot 1.0.9 Cache unknown vulnerability
9370| [38222] Dovecot 1.0.2 directory traversal
9371| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
9372| [36376] Dovecot up to 1.0.x directory traversal
9373| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
9374| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
9375|
9376| MITRE CVE - https://cve.mitre.org:
9377| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
9378| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
9379| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
9380| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
9381| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
9382| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
9383| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
9384| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
9385| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
9386| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
9387| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9388| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9389| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
9390| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
9391| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
9392| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
9393| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
9394| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
9395| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
9396| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
9397| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
9398| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
9399| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
9400| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
9401| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
9402| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
9403| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
9404| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
9405| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
9406| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
9407| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
9408| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
9409| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
9410| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
9411| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
9412| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
9413| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
9414| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
9415| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
9416| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
9417| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
9418| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
9419| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
9420| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
9421| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
9422| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
9423| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
9424| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
9425| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
9426| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
9427| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
9428| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
9429| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
9430| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
9431| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
9432| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
9433| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
9434| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
9435| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
9436|
9437| SecurityFocus - https://www.securityfocus.com/bid/:
9438| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
9439| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
9440| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
9441| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
9442| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
9443| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
9444| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
9445| [67306] Dovecot Denial of Service Vulnerability
9446| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
9447| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
9448| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
9449| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
9450| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
9451| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
9452| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
9453| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
9454| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
9455| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
9456| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
9457| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
9458| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
9459| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
9460| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
9461| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
9462| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
9463| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
9464| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
9465| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
9466| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
9467| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
9468| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
9469| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
9470| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
9471| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
9472| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
9473| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
9474| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
9475| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
9476| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
9477| [17961] Dovecot Remote Information Disclosure Vulnerability
9478| [16672] Dovecot Double Free Denial of Service Vulnerability
9479| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
9480| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
9481| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
9482| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
9483| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
9484| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
9485| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
9486| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
9487| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
9488| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
9489| [130] imapd Buffer Overflow Vulnerability
9490|
9491| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9492| [86382] Dovecot POP3 Service denial of service
9493| [84396] Dovecot IMAP APPEND denial of service
9494| [80453] Dovecot mail-search.c denial of service
9495| [71354] Dovecot SSL Common Name (CN) weak security
9496| [70325] Cyrus IMAPd NNTP security bypass
9497| [67675] Dovecot script-login security bypass
9498| [67674] Dovecot script-login directory traversal
9499| [67589] Dovecot header name denial of service
9500| [63267] Apple Mac OS X Dovecot information disclosure
9501| [62340] Dovecot mailbox security bypass
9502| [62339] Dovecot IMAP or POP3 denial of service
9503| [62256] Dovecot mailbox security bypass
9504| [62255] Dovecot ACL entry security bypass
9505| [60639] Dovecot ACL plugin weak security
9506| [57267] Apple Mac OS X Dovecot Kerberos security bypass
9507| [56763] Dovecot header denial of service
9508| [54363] Dovecot base_dir privilege escalation
9509| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
9510| [47526] UW-imapd rfc822_output_char() denial of service
9511| [46323] Dovecot dovecot.conf information disclosure
9512| [46227] Dovecot message parsing denial of service
9513| [45669] Dovecot ACL mailbox security bypass
9514| [45667] Dovecot ACL plugin rights security bypass
9515| [41085] Dovecot TAB characters authentication bypass
9516| [41009] Dovecot mail_extra_groups option unauthorized access
9517| [39342] Dovecot LDAP auth cache configuration security bypass
9518| [35767] Dovecot ACL plugin security bypass
9519| [34082] Dovecot mbox-storage.c directory traversal
9520| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
9521| [26536] Dovecot IMAP LIST information disclosure
9522| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
9523| [24709] Dovecot APPEND command denial of service
9524| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
9525| [19460] Cyrus IMAP imapd buffer overflow
9526| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
9527| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
9528| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
9529| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
9530| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
9531| [7345] Slackware Linux imapd and ipop3d core dump
9532| [573] Imapd denial of service
9533|
9534| Exploit-DB - https://www.exploit-db.com:
9535| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
9536| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
9537| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
9538| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
9539| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
9540| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
9541| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
9542| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
9543| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
9544| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
9545| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
9546| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
9547| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
9548| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
9549| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
9550| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
9551| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
9552| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
9553| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
9554| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
9555| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
9556| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
9557| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
9558| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
9559| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
9560| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
9561| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
9562| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
9563| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
9564| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
9565| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
9566| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
9567| [340] Linux imapd Remote Overflow File Retrieve Exploit
9568|
9569| OpenVAS (Nessus) - http://www.openvas.org:
9570| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
9571| [901025] Dovecot Version Detection
9572| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
9573| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
9574| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
9575| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
9576| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
9577| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
9578| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
9579| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
9580| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
9581| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
9582| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
9583| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
9584| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
9585| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
9586| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
9587| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
9588| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
9589| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
9590| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
9591| [870607] RedHat Update for dovecot RHSA-2011:0600-01
9592| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
9593| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
9594| [870471] RedHat Update for dovecot RHSA-2011:1187-01
9595| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
9596| [870153] RedHat Update for dovecot RHSA-2008:0297-02
9597| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
9598| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
9599| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
9600| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
9601| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
9602| [863272] Fedora Update for dovecot FEDORA-2011-7612
9603| [863115] Fedora Update for dovecot FEDORA-2011-7258
9604| [861525] Fedora Update for dovecot FEDORA-2007-664
9605| [861394] Fedora Update for dovecot FEDORA-2007-493
9606| [861333] Fedora Update for dovecot FEDORA-2007-1485
9607| [860845] Fedora Update for dovecot FEDORA-2008-9202
9608| [860663] Fedora Update for dovecot FEDORA-2008-2475
9609| [860169] Fedora Update for dovecot FEDORA-2008-2464
9610| [860089] Fedora Update for dovecot FEDORA-2008-9232
9611| [840950] Ubuntu Update for dovecot USN-1295-1
9612| [840668] Ubuntu Update for dovecot USN-1143-1
9613| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
9614| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
9615| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
9616| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
9617| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
9618| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
9619| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
9620| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
9621| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
9622| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
9623| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
9624| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
9625| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
9626| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
9627| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
9628| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
9629| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
9630| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
9631| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
9632| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
9633| [70259] FreeBSD Ports: dovecot
9634| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
9635| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
9636| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
9637| [66522] FreeBSD Ports: dovecot
9638| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
9639| [66233] SLES10: Security update for Cyrus IMAPD
9640| [66226] SLES11: Security update for Cyrus IMAPD
9641| [66222] SLES9: Security update for Cyrus IMAPD
9642| [65938] SLES10: Security update for Cyrus IMAPD
9643| [65723] SLES11: Security update for Cyrus IMAPD
9644| [65523] SLES9: Security update for Cyrus IMAPD
9645| [65479] SLES9: Security update for cyrus-imapd
9646| [65094] SLES9: Security update for cyrus-imapd
9647| [65010] Ubuntu USN-838-1 (dovecot)
9648| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
9649| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
9650| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
9651| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
9652| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
9653| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
9654| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
9655| [64898] FreeBSD Ports: cyrus-imapd
9656| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
9657| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
9658| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
9659| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
9660| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
9661| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
9662| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
9663| [62854] FreeBSD Ports: dovecot-managesieve
9664| [61916] FreeBSD Ports: dovecot
9665| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
9666| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
9667| [60528] FreeBSD Ports: dovecot
9668| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
9669| [60089] FreeBSD Ports: dovecot
9670| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
9671| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
9672| [55807] Slackware Advisory SSA:2005-310-06 imapd
9673| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
9674| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
9675| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
9676| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
9677| [52297] FreeBSD Ports: cyrus-imapd
9678| [52296] FreeBSD Ports: cyrus-imapd
9679| [52295] FreeBSD Ports: cyrus-imapd
9680| [52294] FreeBSD Ports: cyrus-imapd
9681| [52172] FreeBSD Ports: cyrus-imapd
9682|
9683| SecurityTracker - https://www.securitytracker.com:
9684| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
9685| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
9686| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
9687| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
9688|
9689| OSVDB - http://www.osvdb.org:
9690| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
9691| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
9692| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9693| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
9694| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
9695| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
9696| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
9697| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
9698| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
9699| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
9700| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
9701| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
9702| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
9703| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
9704| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
9705| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
9706| [66113] Dovecot Mail Root Directory Creation Permission Weakness
9707| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
9708| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
9709| [66110] Dovecot Multiple Unspecified Buffer Overflows
9710| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
9711| [64783] Dovecot E-mail Message Header Unspecified DoS
9712| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
9713| [62796] Dovecot mbox Format Email Header Handling DoS
9714| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
9715| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
9716| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
9717| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
9718| [52906] UW-imapd c-client Initial Request Remote Format String
9719| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
9720| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
9721| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
9722| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
9723| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
9724| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
9725| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
9726| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
9727| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
9728| [43137] Dovecot mail_extra_groups Symlink File Manipulation
9729| [42979] Dovecot passdbs Argument Injection Authentication Bypass
9730| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
9731| [39876] Dovecot LDAP Auth Cache Security Bypass
9732| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
9733| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
9734| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
9735| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
9736| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
9737| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
9738| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
9739| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
9740| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
9741| [23281] Dovecot imap/pop3-login dovecot-auth DoS
9742| [23280] Dovecot Malformed APPEND Command DoS
9743| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
9744| [13242] UW-imapd CRAM-MD5 Authentication Bypass
9745| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
9746| [12042] UoW imapd Multiple Unspecified Overflows
9747| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
9748| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
9749| [911] UoW imapd AUTHENTICATE Command Remote Overflow
9750| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
9751| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
9752|_
443/tcp open ssl/http Apache httpd
9754| vulscan: VulDB - https://vuldb.com:
9755| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
9756| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
9757| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
9758| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
9759| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
9760| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
9761| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
9762| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
9763| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
9764| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
9765| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
9766| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
9767| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
9768| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
9769| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
9770| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
9771| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
9772| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
9773| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
9774| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
9775| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
9776| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
9777| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
9778| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
9779| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
9780| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
9781| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
9782| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
9783| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
9784| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
9785| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
9786| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
9787| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9788| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9789| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
9790| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9791| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
9792| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
9793| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
9794| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
9795| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9796| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9797| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
9798| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
9799| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
9800| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9801| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9802| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
9803| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
9804| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9805| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9806| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
9807| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
9808| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
9809| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
9810| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
9811| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
9812| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
9813| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
9814| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
9815| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
9816| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9817| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9818| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
9819| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
9820| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9821| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
9822| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
9823| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
9824| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
9825| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
9826| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
9827| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
9828| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
9829| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
9830| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
9831| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
9832| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
9833| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
9834| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
9835| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
9836| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
9837| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
9838| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
9839| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
9840| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
9841| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
9842| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
9843| [136370] Apache Fineract up to 1.2.x sql injection
9844| [136369] Apache Fineract up to 1.2.x sql injection
9845| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
9846| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
9847| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
9848| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
9849| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
9850| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
9851| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
9852| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
9853| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
9854| [134416] Apache Sanselan 0.97-incubator Loop denial of service
9855| [134415] Apache Sanselan 0.97-incubator Hang denial of service
9856| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
9857| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
9858| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9859| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9860| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
9861| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
9862| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
9863| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
9864| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
9865| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
9866| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
9867| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
9868| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
9869| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
9870| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
9871| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
9872| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
9873| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
9874| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
9875| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
9876| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
9877| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
9878| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
9879| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
9880| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
9881| [131859] Apache Hadoop up to 2.9.1 privilege escalation
9882| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
9883| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
9884| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
9885| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
9886| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
9887| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
9888| [130629] Apache Guacamole Cookie Flag weak encryption
9889| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
9890| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
9891| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
9892| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
9893| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
9894| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
9895| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
9896| [130123] Apache Airflow up to 1.8.2 information disclosure
9897| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
9898| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
9899| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
9900| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
9901| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9902| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9903| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9904| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
9905| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
9906| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
9907| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
9908| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
9909| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9910| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
9911| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
9912| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
9913| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
9914| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
9915| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9916| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
9917| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9918| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
9919| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
9920| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
9921| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
9922| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
9923| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
9924| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
9925| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
9926| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
9927| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
9928| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
9929| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
9930| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
9931| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
9932| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
9933| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
9934| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
9935| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
9936| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
9937| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
9938| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
9939| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
9940| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
9941| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
9942| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
9943| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
9944| [127007] Apache Spark Request Code Execution
9945| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
9946| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
9947| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
9948| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
9949| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
9950| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
9951| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
9952| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
9953| [126346] Apache Tomcat Path privilege escalation
9954| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
9955| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
9956| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
9957| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
9958| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
9959| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
9960| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
9961| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
9962| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
9963| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
9964| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
9965| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9966| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
9967| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
9968| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
9969| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
9970| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
9971| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
9972| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
9973| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
9974| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
9975| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
9976| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
9977| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
9978| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
9979| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
9980| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
9981| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
9982| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
10746| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
10747| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
10748| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
10749| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
10750| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
10751| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
10752| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
10753| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
10754| [65668] Apache Solr 4.0.0 Updater denial of service
10755| [65665] Apache Solr up to 4.3.0 denial of service
10756| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
10757| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
10758| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
10759| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
10760| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
10761| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
10762| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
10763| [65410] Apache Struts 2.3.15.3 cross site scripting
10764| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
10765| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
10766| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
10767| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
10768| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
10769| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
10770| [65340] Apache Shindig 2.5.0 information disclosure
10771| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11104| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
11105| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
11106| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
11107| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
11108| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
11109| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
11110| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
11111| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
11112| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
11113| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
11114| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
11115| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
11116| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
11117| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
11118| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
11119| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
11120| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
11121| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
11122| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
11123| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
11124| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
11125| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
11126| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
11127| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
11128| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
11129| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
11130| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
11131| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
11132| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
11133| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
11134| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
11135| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
11136| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
11137| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11138| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
11139| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
11140| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
11141| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
11142| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
11143| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
11144| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
11145| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
11146| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
11147| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
11148| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
11149| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
11150| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
11151| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
11152| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
11153| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
11154| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
11155| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
11156| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
11157| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
11158| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
11159| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
11160| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
11161| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
11162| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
11163| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
11164| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
11165| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
11166| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
11167| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
11168| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
11169| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
11170| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
11171| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
11172| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
11173| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
11174| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
11175| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
11176| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
11177| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
11178| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
11179| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
11180| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
11181| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
11182| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
11183| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
11184| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
11185| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
11186| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
11187| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
11188| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
11189| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
11190| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
11191| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
11192| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
11193| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
11194| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
11195| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
11196| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
11197| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
11198| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
11199| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
11200| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
11201| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
11202| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
11203| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
11204| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
11205| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
11206| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
11207| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
11208| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
11209| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
11210| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
11211| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
11212| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
11213| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
11214| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
11215| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
11216| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
11217| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
11218| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
11219| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
11220| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
11221| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
11222| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
11223| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
11224| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
11225| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
11226| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
11227| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
11228| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
11229| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
11230| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
11231| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
11232| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
11233| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
11234| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
11235| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
11236| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11237| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
11238| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
11239| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
11240| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
11241| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
11242| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
11243| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
11244| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
11245| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
11246| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
11247| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
11248| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
11249| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
11250| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
11251| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
11252| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11253| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
11254| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
11255| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
11256| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
11257| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
11258| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
11259| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
11260| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
11261| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
11262| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
11263| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
11264| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
11265| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
11266| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
11267| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
11268| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
11269| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
11270| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
11271| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
11272| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
11273| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
11274| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
11275| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
11276| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
11277| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
11278| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
11279| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
11280| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
11281| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
11282| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
11283| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
11284| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
11285| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
11286| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
11287| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
11288| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
11289| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
11290| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
11291| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
11292| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
11293| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11294| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
11295| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
11296| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
11297| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
11298| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
11299| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
11300| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
11301| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
11302| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
11303| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
11304| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
11305| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
11306| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
11307| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
11308| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
11309| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
11310| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
11311| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
11312| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
11313| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
11314| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
11315| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
11316| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
11317| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
11318| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
11319| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
11320| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
11321| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
11322| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
11323| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
11324| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
11325| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
11326| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
11327| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
11328| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
11329| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
11330| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
11331| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
11332| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
11333| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
11334| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
11335| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
11336| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
11337| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
11338| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
11339| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
11340| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
11341| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
11342| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
11343| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
11344| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
11345| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
11346| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
11347| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
11348| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
11349| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
11350| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
11351| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
11352| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
11353| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
11354| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
11355| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
11356| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
11357| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
11358| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
11359| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
11360| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
11361| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
11362| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
11363| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
11364| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
11365| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
11366| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
11367| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
11368| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
11369| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
11370| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
11371| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
11372| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
11373| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
11374| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
11375| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
11376| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
11377| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
11378| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11379| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
11380| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
11381| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
11382| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
11383| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
11384| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
11385| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
11386| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
11387| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
11388| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
11389| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
11390| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
11391| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
11392| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11393| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
11394| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
11395| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
11396| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
11397| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
11398| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
11399| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
11400| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
11401| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
11402| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
11403| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
11404| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
11405| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
11406| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
11407| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
11408| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
11409| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
11410| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
11411| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
11412| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
11413| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
11414| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
11415| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
11416| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
11417| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
11418| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
11419| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
11420| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
11421| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
11422| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
11423| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
11424| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
11425| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11426| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
11427| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
11428| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
11429| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
11430| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
11431| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
11432| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
11433| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
11434| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
11435| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
11436| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
11437| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
11438| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
11439| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11440| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
11441| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
11442| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
11443| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
11444| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
11445| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
11446| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
11447| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
11448| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11449| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
11450| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
11451| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
11452| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
11453| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
11454| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11455| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
11456| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11457| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
11458| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
11459| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11460| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
11461| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
11462| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
11463| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
11464| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
11465| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
11466| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
11467| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
11468| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11469| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
11470| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
11471| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
11472| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
11473| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
11474| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
11475| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
11476| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
11477| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
11478| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
11479| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
11480| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
11481| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
11482| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
11483| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
11484| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
11485| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
11486| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
11487| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
11488| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
11489| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
11490| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
11491| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
11492| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
11493| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
11494| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
11495| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
11496| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
11497| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
11498| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
11499| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
11500| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
11501| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
11502| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
11503| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
11504| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
11505| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
11506| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
11507| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
11508| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
11509| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
11510| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
11511| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
11512| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
11513| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
11514| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
11515| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
11516| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
11517| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
11518| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
11519| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
11520| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
11521| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
11522| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
11523| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
11524| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
11525| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
11526| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
11527| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
11528| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
11529| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
11530| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
11531| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
11532| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
11533| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
11534| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
11535| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
11536| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
11537| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
11538| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
11539| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
11540| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
11541| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
11542| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
11543| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
11544| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
11545| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
11546| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
11547| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
11548| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
11549| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
11550| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
11551| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
11552| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
11553| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
11554| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
11555| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
11556| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
11557| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
11558| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
11559| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
11560| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
11561| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
11562| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
11563| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
11564| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
11565| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
11566| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
11567| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
11568| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
11569| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
11570| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
11571| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
11572| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
11573| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
11574| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
11575| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
11576| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
11577| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
11578| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
11579| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
11580| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
11581| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
11582| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
11583| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
11584| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
11585| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
11586| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
11587| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
11588| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
11589| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
11590| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
11591| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
11592| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
11593| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
11594| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
11595| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
11596| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
11597| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
11598| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
11599| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
11600| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
11601| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
11602| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
11603| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
11604| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
11605| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
11606| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
11607| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
11608| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
11609| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
11610| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
11611| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
11612| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
11613| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
11614| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
11615| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
11616| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
11617| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
11618| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
11619| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
11620| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
11621| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
11622| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
11623| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
11624| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
11625| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
11626| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
11627| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
11628| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
11629| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
11630| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
11631| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
11632| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
11633| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
11634| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
11635| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
11636| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
11637| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
11638| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
11639| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
11640| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
11641| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
11642| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
11643| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
11644| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
11645| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
11646| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
11647| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
11648| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
11649| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
11650| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
11651| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
11652| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
11653| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
11654| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
11655| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
11656| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
11657| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
11658| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
11659| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
11660| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
11661| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
11662| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
11663| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
11664| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
11665| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
11666| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
11667| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
11668| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
11669| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
11670| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
11671| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
11672| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
11673| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
11674| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
11675| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
11676| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
11677| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
11678| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
11679| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
11680| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
11681| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
11682|
11683| SecurityFocus - https://www.securityfocus.com/bid/:
11684| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
11685| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
11686| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
11687| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
11688| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
11689| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
11690| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
11691| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
11692| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
11693| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
11694| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
11695| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
11696| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
11697| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
11698| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
11699| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
11700| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
11701| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
11702| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
11703| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
11704| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
11705| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
11706| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
11707| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
11708| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
11709| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
11710| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
11711| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
11712| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
11713| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
11714| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
11715| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
11716| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
11717| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
11718| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
11719| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
11720| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
11721| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
11722| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
11723| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
11724| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
11725| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
11726| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
11727| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
11728| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
11729| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
11730| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
11731| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
11732| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
11733| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
11734| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
11735| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
11736| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
11737| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
11738| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
11739| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
11740| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
11741| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
11742| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
11743| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
11744| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
11745| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
11746| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
11747| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
11748| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
11749| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
11750| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
11751| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
11752| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
11753| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
11754| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
11755| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
11756| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
11757| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
11758| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
11759| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
11760| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
11761| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
11762| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
12195| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
12196| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
12197| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
12198| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
12199| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
12200| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
12201| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
12202| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
12203| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
12204| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
12205| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
12206| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
12207| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
12208| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
12209| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
12210| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
12211| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
12212| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
12213| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
12214| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
12215| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
12216| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
12217| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
12218| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
12219| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
12220| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
12221| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
12222| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
12223| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
12224| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
12225| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
12226| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
12227| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
12228| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
12229| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
12230| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
12231| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
12232| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
12233| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
12234| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
12235| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
12236| [59670] Apache VCL Multiple Input Validation Vulnerabilities
12237| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
12238| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
12239| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
12240| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
12241| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
12242| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
12243| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
12244| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
12245| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
12246| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
12247| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
12248| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
12249| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
12250| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
12251| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
12252| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
12253| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
12254| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
12255| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
12256| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
12257| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
12258| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
12259| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
12260| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
12261| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
12262| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
12263| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
12264| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
12265| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
12266| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
12267| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
12268| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
12269| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
12270| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
12271| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
12272| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
12273| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
12274| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
12275| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
12276| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
12277| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
12278| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
12279| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
12280| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
12281| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
12282| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
12283| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
12284| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
12285| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
12286| [54798] Apache Libcloud Man In The Middle Vulnerability
12287| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
12288| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
12289| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
12290| [54189] Apache Roller Cross Site Request Forgery Vulnerability
12291| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
12292| [53880] Apache CXF Child Policies Security Bypass Vulnerability
12293| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
12294| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
12295| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
12296| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
12297| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
12298| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
12299| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
12300| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
12301| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
12302| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
12303| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
12304| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
12305| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
12306| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
12307| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
12308| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
12309| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
12310| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
12311| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
12312| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
12313| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
12314| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
12315| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
12316| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
12317| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
12318| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
12319| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
12320| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
12321| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
12322| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
12323| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
12324| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
12325| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
12326| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
12327| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
12328| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
12329| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
12330| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
12331| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
12332| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
12333| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
12334| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
12335| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
12336| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
12337| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
12338| [49290] Apache Wicket Cross Site Scripting Vulnerability
12339| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
12340| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
12341| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
12342| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
12343| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
12344| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
12345| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
12346| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
12347| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
12348| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
12349| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
12350| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
12351| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
12352| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
12353| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
12354| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
12355| [46953] Apache MPM-ITK Module Security Weakness
12356| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
12357| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
12358| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
12359| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
12360| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
12361| [46166] Apache Tomcat JVM Denial of Service Vulnerability
12362| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
12363| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
12364| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
12365| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
12366| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
12367| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
12368| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
12369| [44616] Apache Shiro Directory Traversal Vulnerability
12370| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
12371| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
12372| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
12373| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
12374| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
12375| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
12376| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
12377| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
12378| [42492] Apache CXF XML DTD Processing Security Vulnerability
12379| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
12380| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
12381| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
12382| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
12383| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
12384| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
12385| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
12386| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
12387| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
12388| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
12389| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
12390| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
12391| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
12392| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
12393| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
12394| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
12395| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
12396| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
12397| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
12398| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
12399| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
12400| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
12401| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
12402| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
12403| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
12404| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
12405| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
12406| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
12407| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
12408| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
12409| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
12410| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
12411| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
12412| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
12413| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
12414| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
12415| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
12416| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
12417| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
12418| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
12419| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
12420| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
12421| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
12422| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
12423| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
12424| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
12425| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
12426| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
12427| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
12428| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
12429| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
12430| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
12431| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
12432| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
12433| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
12434| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
12435| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
12436| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
12437| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
12438| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
12439| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
12440| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
12441| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
12442| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
12443| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
12444| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
12445| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
12446| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
12447| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
12448| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
12449| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
12450| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
12451| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
12452| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
12453| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
12454| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
12455| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
12456| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
12457| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
12458| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
12459| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
12460| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
12461| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
12462| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
12463| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
12464| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
12465| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
12466| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
12467| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
12468| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
12469| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
12470| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
12471| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
12472| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
12473| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
12474| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
12475| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
12476| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
12477| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
12478| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
12479| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
12480| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
12481| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
12482| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
12483| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
12484| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
12485| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
12486| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
12487| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
12488| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
12489| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
12490| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
12491| [20527] Apache Mod_TCL Remote Format String Vulnerability
12492| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
12493| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
12494| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
12495| [19106] Apache Tomcat Information Disclosure Vulnerability
12496| [18138] Apache James SMTP Denial Of Service Vulnerability
12497| [17342] Apache Struts Multiple Remote Vulnerabilities
12498| [17095] Apache Log4Net Denial Of Service Vulnerability
12499| [16916] Apache mod_python FileSession Code Execution Vulnerability
12500| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
12501| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
12502| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
12503| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
12504| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
12505| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
12506| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
12507| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
12508| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
12509| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
12510| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
12511| [15177] PHP Apache 2 Local Denial of Service Vulnerability
12512| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
12513| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
12514| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
12515| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
12516| [14106] Apache HTTP Request Smuggling Vulnerability
12517| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
12518| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
12519| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
12520| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
12521| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
13055| [32128] Apache Tomcat default account
13056| [31680] Apache Tomcat RequestParamExample cross-site scripting
13057| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
13058| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
13059| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
13060| [30456] Apache mod_auth_kerb off-by-one buffer overflow
13061| [29550] Apache mod_tcl set_var() format string
13062| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
13063| [28357] Apache HTTP Server mod_alias script source information disclosure
13064| [28063] Apache mod_rewrite off-by-one buffer overflow
13065| [27902] Apache Tomcat URL information disclosure
13066| [26786] Apache James SMTP server denial of service
13067| [25680] libapache2 /tmp/svn file upload
13068| [25614] Apache Struts lookupMap cross-site scripting
13069| [25613] Apache Struts ActionForm denial of service
13070| [25612] Apache Struts isCancelled() security bypass
13071| [24965] Apache mod_python FileSession command execution
13072| [24716] Apache James spooler memory leak denial of service
13073| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
13074| [24158] Apache Geronimo jsp-examples cross-site scripting
13075| [24030] Apache auth_ldap module multiple format strings
13076| [24008] Apache mod_ssl custom error message denial of service
13077| [24003] Apache mod_auth_pgsql module multiple syslog format strings
13078| [23612] Apache mod_imap referer field cross-site scripting
13079| [23173] Apache Struts error message cross-site scripting
13080| [22942] Apache Tomcat directory listing denial of service
13081| [22858] Apache Multi-Processing Module code allows denial of service
13082| [22602] RHSA-2005:582 updates for Apache httpd not installed
13083| [22520] Apache mod-auth-shadow "
13084| [22466] ApacheTop symlink
13085| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
13086| [22006] Apache HTTP Server byte-range filter denial of service
13087| [21567] Apache mod_ssl off-by-one buffer overflow
13088| [21195] Apache HTTP Server header HTTP request smuggling
13089| [20383] Apache HTTP Server htdigest buffer overflow
13090| [19681] Apache Tomcat AJP12 request denial of service
13091| [18993] Apache HTTP server check_forensic symlink attack
13092| [18790] Apache Tomcat Manager cross-site scripting
13093| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
13094| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
13095| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
13096| [17961] Apache Web server ServerTokens has not been set
13097| [17930] Apache HTTP Server HTTP GET request denial of service
13098| [17785] Apache mod_include module buffer overflow
13099| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
13100| [17473] Apache HTTP Server Satisfy directive allows access to resources
13101| [17413] Apache htpasswd buffer overflow
13102| [17384] Apache HTTP Server environment variable configuration file buffer overflow
13103| [17382] Apache HTTP Server IPv6 apr_util denial of service
13104| [17366] Apache HTTP Server mod_dav module LOCK denial of service
13105| [17273] Apache HTTP Server speculative mode denial of service
13106| [17200] Apache HTTP Server mod_ssl denial of service
13107| [16890] Apache HTTP Server server-info request has been detected
13108| [16889] Apache HTTP Server server-status request has been detected
13109| [16705] Apache mod_ssl format string attack
13110| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
13111| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
13112| [16230] Apache HTTP Server PHP denial of service
13113| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
13114| [15958] Apache HTTP Server authentication modules memory corruption
13115| [15547] Apache HTTP Server mod_disk_cache local information disclosure
13116| [15540] Apache HTTP Server socket starvation denial of service
13117| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
13118| [15422] Apache HTTP Server mod_access information disclosure
13119| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
13120| [15293] Apache for Cygwin "
13121| [15065] Apache-SSL has a default password
13122| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
13123| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
13124| [14751] Apache Mod_python output filter information disclosure
13125| [14125] Apache HTTP Server mod_userdir module information disclosure
13126| [14075] Apache HTTP Server mod_php file descriptor leak
13127| [13703] Apache HTTP Server account
13128| [13689] Apache HTTP Server configuration allows symlinks
13129| [13688] Apache HTTP Server configuration allows SSI
13130| [13687] Apache HTTP Server Server: header value
13131| [13685] Apache HTTP Server ServerTokens value
13132| [13684] Apache HTTP Server ServerSignature value
13133| [13672] Apache HTTP Server config allows directory autoindexing
13134| [13671] Apache HTTP Server default content
13135| [13670] Apache HTTP Server config file directive references outside content root
13136| [13668] Apache HTTP Server httpd not running in chroot environment
13137| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
13138| [13664] Apache HTTP Server config file contains ScriptAlias entry
13139| [13663] Apache HTTP Server CGI support modules loaded
13140| [13661] Apache HTTP Server config file contains AddHandler entry
13141| [13660] Apache HTTP Server 500 error page not CGI script
13142| [13659] Apache HTTP Server 413 error page not CGI script
13143| [13658] Apache HTTP Server 403 error page not CGI script
13144| [13657] Apache HTTP Server 401 error page not CGI script
13145| [13552] Apache HTTP Server mod_cgid module information disclosure
13146| [13550] Apache GET request directory traversal
13147| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
13148| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
13149| [13429] Apache Tomcat non-HTTP request denial of service
13150| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
13151| [13295] Apache weak password encryption
13152| [13254] Apache Tomcat .jsp cross-site scripting
13153| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
13154| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
13155| [12681] Apache HTTP Server mod_proxy could allow mail relaying
13156| [12662] Apache HTTP Server rotatelogs denial of service
13157| [12554] Apache Tomcat stores password in plain text
13158| [12553] Apache HTTP Server redirects and subrequests denial of service
13159| [12552] Apache HTTP Server FTP proxy server denial of service
13160| [12551] Apache HTTP Server prefork MPM denial of service
13161| [12550] Apache HTTP Server weaker than expected encryption
13162| [12549] Apache HTTP Server type-map file denial of service
13163| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
13164| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
13165| [12091] Apache HTTP Server apr_password_validate denial of service
13166| [12090] Apache HTTP Server apr_psprintf code execution
13167| [11804] Apache HTTP Server mod_access_referer denial of service
13168| [11750] Apache HTTP Server could leak sensitive file descriptors
13169| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
13170| [11703] Apache long slash path allows directory listing
13171| [11695] Apache HTTP Server LF (Line Feed) denial of service
13172| [11694] Apache HTTP Server filestat.c denial of service
13173| [11438] Apache HTTP Server MIME message boundaries information disclosure
13174| [11412] Apache HTTP Server error log terminal escape sequence injection
13175| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
13176| [11195] Apache Tomcat web.xml could be used to read files
13177| [11194] Apache Tomcat URL appended with a null character could list directories
13178| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
13179| [11126] Apache HTTP Server illegal character file disclosure
13180| [11125] Apache HTTP Server DOS device name HTTP POST code execution
13181| [11124] Apache HTTP Server DOS device name denial of service
13182| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
13183| [10938] Apache HTTP Server printenv test CGI cross-site scripting
13184| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
13185| [10575] Apache mod_php module could allow an attacker to take over the httpd process
13186| [10499] Apache HTTP Server WebDAV HTTP POST view source
13187| [10457] Apache HTTP Server mod_ssl "
13188| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
13189| [10414] Apache HTTP Server htdigest multiple buffer overflows
13190| [10413] Apache HTTP Server htdigest temporary file race condition
13191| [10412] Apache HTTP Server htpasswd temporary file race condition
13192| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
13193| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
13194| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
13195| [10280] Apache HTTP Server shared memory scorecard overwrite
13196| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
13197| [10241] Apache HTTP Server Host: header cross-site scripting
13198| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
13199| [10208] Apache HTTP Server mod_dav denial of service
13200| [10206] HP VVOS Apache mod_ssl denial of service
13201| [10200] Apache HTTP Server stderr denial of service
13202| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
13203| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
13204| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
13205| [10098] Slapper worm targets OpenSSL/Apache systems
13206| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
13207| [9875] Apache HTTP Server .var file request could disclose installation path
13208| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
13209| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
13210| [9623] Apache HTTP Server ap_log_rerror() path disclosure
13211| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
13212| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
13213| [9396] Apache Tomcat null character to threads denial of service
13214| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
13215| [9249] Apache HTTP Server chunked encoding heap buffer overflow
13216| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
13217| [8932] Apache Tomcat example class information disclosure
13218| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
13219| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
13220| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
13221| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
13222| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
13223| [8400] Apache HTTP Server mod_frontpage buffer overflows
13224| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
13225| [8308] Apache "
13226| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
13227| [8119] Apache and PHP OPTIONS request reveals "
13228| [8054] Apache is running on the system
13229| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
13230| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
13231| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
13232| [7836] Apache HTTP Server log directory denial of service
13233| [7815] Apache for Windows "
13234| [7810] Apache HTTP request could result in unexpected behavior
13235| [7599] Apache Tomcat reveals installation path
13236| [7494] Apache "
13237| [7419] Apache Web Server could allow remote attackers to overwrite .log files
13238| [7363] Apache Web Server hidden HTTP requests
13239| [7249] Apache mod_proxy denial of service
13240| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
13241| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
13242| [7059] Apache "
13243| [7057] Apache "
13244| [7056] Apache "
13245| [7055] Apache "
13246| [7054] Apache "
13247| [6997] Apache Jakarta Tomcat error message may reveal information
13248| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
13249| [6970] Apache crafted HTTP request could reveal the internal IP address
13250| [6921] Apache long slash path allows directory listing
13251| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
13252| [6527] Apache Web Server for Windows and OS2 denial of service
13253| [6316] Apache Jakarta Tomcat may reveal JSP source code
13254| [6305] Apache Jakarta Tomcat directory traversal
13255| [5926] Linux Apache symbolic link
13256| [5659] Apache Web server discloses files when used with php script
13257| [5310] Apache mod_rewrite allows attacker to view arbitrary files
13258| [5204] Apache WebDAV directory listings
13259| [5197] Apache Web server reveals CGI script source code
13260| [5160] Apache Jakarta Tomcat default installation
13261| [5099] Trustix Secure Linux installs Apache with world writable access
13262| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
13263| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
13264| [4931] Apache source.asp example file allows users to write to files
13265| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
13266| [4205] Apache Jakarta Tomcat delivers file contents
13267| [2084] Apache on Debian by default serves the /usr/doc directory
13268| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
13269| [697] Apache HTTP server beck exploit
13270| [331] Apache cookies buffer overflow
13271|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
13421| OpenVAS (Nessus) - http://www.openvas.org:
13422| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
13423| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
13424| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
13425| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
13426| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
13427| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
13428| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
13429| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
13430| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
13431| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
13432| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
13433| [900571] Apache APR-Utils Version Detection
13434| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
13435| [900496] Apache Tiles Multiple XSS Vulnerability
13436| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
13920| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
13921| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
13922| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
13923| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
13924| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
13925| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
13926| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
13927| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
13928| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
13929| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
13930| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
13931| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
13932| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
13933| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
13934| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
13935| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
13936| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
13937| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
13938| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
13939| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
13940| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13941| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13942| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
13943| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
13944| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
13945| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
13946| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
13947| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
13948| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
13949| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
13950| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
13951| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
13952| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
13953| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
13954| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
13955| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
13956| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
13957| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
13958|
13959| OSVDB - http://www.osvdb.org:
13960| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
13961| [96077] Apache CloudStack Global Settings Multiple Field XSS
13962| [96076] Apache CloudStack Instances Menu Display Name Field XSS
13963| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
13964| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
13965| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
13966| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
13967| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
13968| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
13969| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
13970| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
13971| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
13972| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13973| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
13974| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
13975| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
13976| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
13977| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13978| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
13979| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
13980| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
13981| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
13982| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
13983| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
13984| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
13985| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
13986| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
13987| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
13988| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
13989| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
13990| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
13991| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
13992| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
13993| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
13994| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
13995| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
13996| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
13997| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
13998| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
13999| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
14000| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
14001| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
14002| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
14003| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
14004| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
14005| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
14006| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
14007| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
14008| [94279] Apache Qpid CA Certificate Validation Bypass
14009| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
14010| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
14011| [94042] Apache Axis JAX-WS Java Unspecified Exposure
14012| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
14013| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
14014| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
14015| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
14016| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
14017| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
14018| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
14019| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
14020| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
14021| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
14022| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
14023| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
14024| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
14025| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
14026| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
14027| [93541] Apache Solr json.wrf Callback XSS
14028| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
14029| [93521] Apache jUDDI Security API Token Session Persistence Weakness
14030| [93520] Apache CloudStack Default SSL Key Weakness
14031| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
14032| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
14033| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
14034| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
14035| [93515] Apache HBase table.jsp name Parameter XSS
14036| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
14037| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
14038| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
14039| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
14040| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
14041| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
14042| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
14043| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
14044| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
14045| [93252] Apache Tomcat FORM Authenticator Session Fixation
14046| [93172] Apache Camel camel/endpoints/ Endpoint XSS
14047| [93171] Apache Sling HtmlResponse Error Message XSS
14048| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
14049| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
14050| [93168] Apache Click ErrorReport.java id Parameter XSS
14051| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
14052| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
14053| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
14054| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
14055| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
14056| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
14057| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
14058| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
14059| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
14060| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
14061| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
14062| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
14063| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
14064| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
14065| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
14066| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
14067| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
14068| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
14069| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
14070| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
14071| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
14072| [93144] Apache Solr Admin Command Execution CSRF
14073| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
14074| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
14075| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
14076| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
14077| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
14078| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
14079| [92748] Apache CloudStack VM Console Access Restriction Bypass
14080| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
14081| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
14082| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
14083| [92706] Apache ActiveMQ Debug Log Rendering XSS
14084| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
14085| [92270] Apache Tomcat Unspecified CSRF
14086| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
14087| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
14088| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
14089| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
14090| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
14091| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
14092| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
14093| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
14094| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
14095| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
14096| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
14097| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
14098| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
14099| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
14100| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
14101| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
14102| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
14103| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
14104| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
14105| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
14106| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
14107| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
14108| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
14109| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
14110| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
14111| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
14112| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
14113| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
14114| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
14115| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
14116| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
14117| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
14118| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
14119| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
14120| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
14121| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
14122| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
14123| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
14124| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
14125| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
14126| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
14127| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
14128| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
14129| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
14130| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
14131| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
14132| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
14133| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
14134| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
14135| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
14136| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
14137| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
14138| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
14139| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
14140| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
14141| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
14142| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
14143| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
14144| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
14145| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
14146| [86901] Apache Tomcat Error Message Path Disclosure
14147| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
14148| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
14149| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
14150| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
14151| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
14152| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
14153| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
14154| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
14155| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
14156| [85430] Apache mod_pagespeed Module Unspecified XSS
14157| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
14158| [85249] Apache Wicket Unspecified XSS
14159| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
14160| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
14161| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
14162| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
14163| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
14164| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
14165| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
14166| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
14167| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
14168| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
14169| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
14170| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
14171| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
14172| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
14173| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
14174| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
14175| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
14176| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
14177| [83339] Apache Roller Blogger Roll Unspecified XSS
14178| [83270] Apache Roller Unspecified Admin Action CSRF
14179| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
14180| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
14181| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
14182| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
14183| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
14184| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
14185| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
14186| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
14187| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
14188| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
14189| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
14190| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
14191| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
14192| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
14193| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
14194| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
14195| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
14196| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
14197| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
14198| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
14199| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
14200| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
14201| [80300] Apache Wicket wicket:pageMapName Parameter XSS
14202| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
14203| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
14204| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
14620| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
14621| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
14622| [40262] Apache HTTP Server mod_status refresh XSS
14623| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
14624| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
14625| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
14626| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
14627| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
14628| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
14629| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
14630| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
14631| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
14632| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
14633| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
14634| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
14635| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
14636| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
14637| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
14638| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
14639| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
14640| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
14641| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
14642| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
14643| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
14644| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
14645| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
14646| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
14647| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
14648| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
14649| [36080] Apache Tomcat JSP Examples Crafted URI XSS
14650| [36079] Apache Tomcat Manager Uploaded Filename XSS
14651| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
14652| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
14653| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
14654| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
14655| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
14656| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
14657| [34881] Apache Tomcat Malformed Accept-Language Header XSS
14658| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
14659| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
14660| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
14661| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
14662| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
14663| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
14664| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
14665| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
14666| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
14667| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
14668| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
14669| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
14670| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
14671| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
14672| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
14673| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
14674| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
14675| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
14676| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
14677| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
14678| [32724] Apache mod_python _filter_read Freed Memory Disclosure
14679| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
14680| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
14681| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
14682| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
14683| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
14684| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
14685| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
14686| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
14687| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
14688| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
14689| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
14690| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
14691| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
14692| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
14693| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
14694| [24365] Apache Struts Multiple Function Error Message XSS
14695| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
14696| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
14697| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
14698| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
14699| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
14700| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
14701| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
14702| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
14703| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
14704| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
14705| [22459] Apache Geronimo Error Page XSS
14706| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
14707| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
14708| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
14709| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
14710| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
14711| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
14712| [21021] Apache Struts Error Message XSS
14713| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
14714| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
14715| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
14716| [20439] Apache Tomcat Directory Listing Saturation DoS
14717| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
14718| [20285] Apache HTTP Server Log File Control Character Injection
14719| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
14720| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
14721| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
14722| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
14723| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
14724| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
14725| [19821] Apache Tomcat Malformed Post Request Information Disclosure
14726| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
14727| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
14728| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
14729| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
14730| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
14731| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
14732| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
14733| [18233] Apache HTTP Server htdigest user Variable Overfow
14734| [17738] Apache HTTP Server HTTP Request Smuggling
14735| [16586] Apache HTTP Server Win32 GET Overflow DoS
14736| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
14737| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
14738| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
14739| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
14740| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
14741| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
14742| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
14743| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
14744| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
14745| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
14746| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
14747| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
14748| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
14749| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
14750| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
14751| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
14752| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
14753| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
14754| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
14755| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
14756| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
14757| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
14758| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
14759| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
14760| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
14761| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
14762| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
14763| [13304] Apache Tomcat realPath.jsp Path Disclosure
14764| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
14765| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
14766| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
14767| [12848] Apache HTTP Server htdigest realm Variable Overflow
14768| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
14769| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
14770| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
14771| [12557] Apache HTTP Server prefork MPM accept Error DoS
14772| [12233] Apache Tomcat MS-DOS Device Name Request DoS
14773| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
14774| [12231] Apache Tomcat web.xml Arbitrary File Access
14775| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
14776| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
14777| [12178] Apache Jakarta Lucene results.jsp XSS
14778| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
14779| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
14780| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
14781| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
14782| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
14783| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
14784| [10471] Apache Xerces-C++ XML Parser DoS
14785| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
14786| [10068] Apache HTTP Server htpasswd Local Overflow
14787| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
14788| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
14789| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
14790| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
14791| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
14792| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
14793| [9717] Apache HTTP Server mod_cookies Cookie Overflow
14794| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
14795| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
14796| [9714] Apache Authentication Module Threaded MPM DoS
14797| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
14798| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
14799| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
14800| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
14801| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
14802| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
14803| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
14804| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
14805| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
14806| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
14807| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
14808| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
14809| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
14810| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
14811| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
14812| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
14813| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
14814| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
14815| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
14816| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
14817| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
14818| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
14819| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
14820| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
14821| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
14822| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
14823| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
14824| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
14825| [9208] Apache Tomcat .jsp Encoded Newline XSS
14826| [9204] Apache Tomcat ROOT Application XSS
14827| [9203] Apache Tomcat examples Application XSS
14828| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
14829| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
14830| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
14831| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
14832| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
14833| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
14834| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
14835| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
14836| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
14837| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
14838| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
14839| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
14840| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
14841| [7611] Apache HTTP Server mod_alias Local Overflow
14842| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
14843| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
14844| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
14845| [6882] Apache mod_python Malformed Query String Variant DoS
14846| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
14847| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
14848| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
14849| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
14850| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
14851| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
14852| [5526] Apache Tomcat Long .JSP URI Path Disclosure
14853| [5278] Apache Tomcat web.xml Restriction Bypass
14854| [5051] Apache Tomcat Null Character DoS
14855| [4973] Apache Tomcat servlet Mapping XSS
14856| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
14857| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
14858| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
14859| [4568] mod_survey For Apache ENV Tags SQL Injection
14860| [4553] Apache HTTP Server ApacheBench Overflow DoS
14861| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
14862| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
14863| [4383] Apache HTTP Server Socket Race Condition DoS
14864| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
14865| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
14866| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
14867| [4231] Apache Cocoon Error Page Server Path Disclosure
14868| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
14869| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
14870| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
14871| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
14872| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
14873| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
14874| [3322] mod_php for Apache HTTP Server Process Hijack
14875| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
14876| [2885] Apache mod_python Malformed Query String DoS
14877| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
14878| [2733] Apache HTTP Server mod_rewrite Local Overflow
14879| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
14880| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
14881| [2149] Apache::Gallery Privilege Escalation
14882| [2107] Apache HTTP Server mod_ssl Host: Header XSS
14883| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
14884| [1833] Apache HTTP Server Multiple Slash GET Request DoS
14885| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
14886| [872] Apache Tomcat Multiple Default Accounts
14887| [862] Apache HTTP Server SSI Error Page XSS
14888| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
14889| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
14890| [845] Apache Tomcat MSDOS Device XSS
14891| [844] Apache Tomcat Java Servlet Error Page XSS
14892| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
14893| [838] Apache HTTP Server Chunked Encoding Remote Overflow
14894| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
14895| [775] Apache mod_python Module Importing Privilege Function Execution
14896| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
14897| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
14898| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
14899| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
14900| [637] Apache HTTP Server UserDir Directive Username Enumeration
14901| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
14902| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
14903| [562] Apache HTTP Server mod_info /server-info Information Disclosure
14904| [561] Apache Web Servers mod_status /server-status Information Disclosure
14905| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
14906| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
14907| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
14908| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
14909| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
14910| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
14911| [376] Apache Tomcat contextAdmin Arbitrary File Access
14912| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
14913| [222] Apache HTTP Server test-cgi Arbitrary File Access
14914| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
14915| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
14916|_
465/tcp open ssl/smtp Exim smtpd 4.92
14918| vulscan: VulDB - https://vuldb.com:
14919| [141327] Exim up to 4.92.1 Backslash privilege escalation
14920| [138827] Exim up to 4.92 Expansion Code Execution
14921| [135932] Exim up to 4.92 privilege escalation
14922| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
14923|
14924| MITRE CVE - https://cve.mitre.org:
14925| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
14926| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
14927| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
14928| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
14929| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
14930| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
14931| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
14932| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
14933| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
14934| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
14935| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
14936| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
14937| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
14938| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
14939| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
14940| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
14941|
14942| SecurityFocus - https://www.securityfocus.com/bid/:
14943| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
14944| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
14945| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
14946| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
14947| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
14948| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
14949| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
14950| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
14951| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
14952| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
14953| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
14954| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
14955| [45308] Exim Crafted Header Remote Code Execution Vulnerability
14956| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
14957| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
14958| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
14959| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
14960| [17110] sa-exim Unauthorized File Access Vulnerability
14961| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
14962| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
14963| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
14964| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
14965| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
14966| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
14967| [6314] Exim Internet Mailer Format String Vulnerability
14968| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
14969| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
14970| [2828] Exim Format String Vulnerability
14971| [1859] Exim Buffer Overflow Vulnerability
14972|
14973| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14974| [84758] Exim sender_address parameter command execution
14975| [84015] Exim command execution
14976| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
14977| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
14978| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
14979| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
14980| [67455] Exim DKIM processing code execution
14981| [67299] Exim dkim_exim_verify_finish() format string
14982| [65028] Exim open_log privilege escalation
14983| [63967] Exim config file privilege escalation
14984| [63960] Exim header buffer overflow
14985| [59043] Exim mail directory privilege escalation
14986| [59042] Exim MBX symlink
14987| [52922] ikiwiki teximg plugin information disclosure
14988| [34265] Exim spamd buffer overflow
14989| [25286] Sa-exim greylistclean.cron file deletion
14990| [22687] RHSA-2005:025 updates for exim not installed
14991| [18901] Exim dns_build_reverse buffer overflow
14992| [18764] Exim spa_base64_to_bits function buffer overflow
14993| [18763] Exim host_aton buffer overflow
14994| [16079] Exim require_verify buffer overflow
14995| [16077] Exim header_check_syntax buffer overflow
14996| [16075] Exim sender_verify buffer overflow
14997| [13067] Exim HELO or EHLO command heap overflow
14998| [10761] Exim daemon.c format string
14999| [8194] Exim configuration file -c command-line argument buffer overflow
15000| [7738] Exim allows attacker to hide commands in localhost names using pipes
15001| [6671] Exim "
15002| [1893] Exim MTA allows local users to gain root privileges
15003|
15004| Exploit-DB - https://www.exploit-db.com:
15005| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
15006| [15725] Exim 4.63 Remote Root Exploit
15007| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
15008| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
15009| [796] Exim <= 4.42 Local Root Exploit
15010| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
15011|
15012| OpenVAS (Nessus) - http://www.openvas.org:
15013| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
15014|
15015| SecurityTracker - https://www.securitytracker.com:
15016| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
15017| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
15018| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
15019| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
15020| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
15021| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
15022| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
15023| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
15024| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
15025| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
15026| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
15027| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
15028|
15029| OSVDB - http://www.osvdb.org:
15030| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
15031| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
15032| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
15033| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
15034| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
15035| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
15036| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
15037| [70696] Exim log.c open_log() Function Local Privilege Escalation
15038| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
15039| [69685] Exim string_format Function Remote Overflow
15040| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
15041| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
15042| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
15043| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
15044| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
15045| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
15046| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
15047| [12726] Exim -be Command Line Option host_aton Function Local Overflow
15048| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
15049| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
15050| [10032] libXpm CreateXImage Function Integer Overflow
15051| [7160] Exim .forward :include: Option Privilege Escalation
15052| [6479] Vexim COOKIE Authentication Credential Disclosure
15053| [6478] Vexim Multiple Parameter SQL Injection
15054| [5930] Exim Parenthesis File Name Filter Bypass
15055| [5897] Exim header_syntax Function Remote Overflow
15056| [5896] Exim sender_verify Function Remote Overflow
15057| [5530] Exim Localhost Name Arbitrary Command Execution
15058| [5330] Exim Configuration File Variable Overflow
15059| [1855] Exim Batched SMTP Mail Header Format String
15060|_
587/tcp open smtp Exim smtpd 4.92
15062| vulscan: VulDB - https://vuldb.com:
15063| [141327] Exim up to 4.92.1 Backslash privilege escalation
15064| [138827] Exim up to 4.92 Expansion Code Execution
15065| [135932] Exim up to 4.92 privilege escalation
15066| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
15067|
15068| MITRE CVE - https://cve.mitre.org:
15069| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
15070| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
15071| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
15072| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
15073| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
15074| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
15075| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
15076| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
15077| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
15078| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
15079| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
15080| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
15081| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
15082| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
15083| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
15084| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
15085|
15086| SecurityFocus - https://www.securityfocus.com/bid/:
15087| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
15088| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
15089| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
15090| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
15091| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
15092| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
15093| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
15094| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
15095| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
15096| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
15097| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
15098| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
15099| [45308] Exim Crafted Header Remote Code Execution Vulnerability
15100| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
15101| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
15102| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
15103| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
15104| [17110] sa-exim Unauthorized File Access Vulnerability
15105| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
15106| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
15107| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
15108| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
15109| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
15110| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
15111| [6314] Exim Internet Mailer Format String Vulnerability
15112| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
15113| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
15114| [2828] Exim Format String Vulnerability
15115| [1859] Exim Buffer Overflow Vulnerability
15116|
15117| IBM X-Force - https://exchange.xforce.ibmcloud.com:
15118| [84758] Exim sender_address parameter command execution
15119| [84015] Exim command execution
15120| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
15121| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
15122| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
15123| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
15124| [67455] Exim DKIM processing code execution
15125| [67299] Exim dkim_exim_verify_finish() format string
15126| [65028] Exim open_log privilege escalation
15127| [63967] Exim config file privilege escalation
15128| [63960] Exim header buffer overflow
15129| [59043] Exim mail directory privilege escalation
15130| [59042] Exim MBX symlink
15131| [52922] ikiwiki teximg plugin information disclosure
15132| [34265] Exim spamd buffer overflow
15133| [25286] Sa-exim greylistclean.cron file deletion
15134| [22687] RHSA-2005:025 updates for exim not installed
15135| [18901] Exim dns_build_reverse buffer overflow
15136| [18764] Exim spa_base64_to_bits function buffer overflow
15137| [18763] Exim host_aton buffer overflow
15138| [16079] Exim require_verify buffer overflow
15139| [16077] Exim header_check_syntax buffer overflow
15140| [16075] Exim sender_verify buffer overflow
15141| [13067] Exim HELO or EHLO command heap overflow
15142| [10761] Exim daemon.c format string
15143| [8194] Exim configuration file -c command-line argument buffer overflow
15144| [7738] Exim allows attacker to hide commands in localhost names using pipes
15145| [6671] Exim "
15146| [1893] Exim MTA allows local users to gain root privileges
15147|
15148| Exploit-DB - https://www.exploit-db.com:
15149| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
15150| [15725] Exim 4.63 Remote Root Exploit
15151| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
15152| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
15153| [796] Exim <= 4.42 Local Root Exploit
15154| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
15155|
15156| OpenVAS (Nessus) - http://www.openvas.org:
15157| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
15158|
15159| SecurityTracker - https://www.securitytracker.com:
15160| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
15161| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
15162| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
15163| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
15164| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
15165| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
15166| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
15167| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
15168| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
15169| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
15170| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
15171| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
15172|
15173| OSVDB - http://www.osvdb.org:
15174| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
15175| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
15176| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
15177| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
15178| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
15179| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
15180| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
15181| [70696] Exim log.c open_log() Function Local Privilege Escalation
15182| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
15183| [69685] Exim string_format Function Remote Overflow
15184| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
15185| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
15186| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
15187| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
15188| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
15189| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
15190| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
15191| [12726] Exim -be Command Line Option host_aton Function Local Overflow
15192| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
15193| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
15194| [10032] libXpm CreateXImage Function Integer Overflow
15195| [7160] Exim .forward :include: Option Privilege Escalation
15196| [6479] Vexim COOKIE Authentication Credential Disclosure
15197| [6478] Vexim Multiple Parameter SQL Injection
15198| [5930] Exim Parenthesis File Name Filter Bypass
15199| [5897] Exim header_syntax Function Remote Overflow
15200| [5896] Exim sender_verify Function Remote Overflow
15201| [5530] Exim Localhost Name Arbitrary Command Execution
15202| [5330] Exim Configuration File Variable Overflow
15203| [1855] Exim Batched SMTP Mail Header Format String
15204|_
993/tcp open imaps?
995/tcp open pop3s?
3306/tcp open mysql MySQL (unauthorized)
15208| vulscan: VulDB - https://vuldb.com:
15209| [141414] LibreNMS up to 1.47 inventory.inc.php mysqli_escape_real_string Parameter cross site scripting
15210| [140101] Yandex ClickHouse MySQL Client information disclosure
15211| [139468] cPanel up to 60.0.24 MySQL Upgrade File privilege escalation
15212| [139350] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
15213| [139349] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
15214| [139308] cPanel up to 67.9999.102 WHM MySQL Password Change Interfaces Stored cross site scripting
15215| [138305] SaltStack Salt 2018.3/2019.2 mysqluser_chpass sql injection
15216| [138102] Oracle MySQL Server up to 8.0.16 InnoDB unknown vulnerability
15217| [138101] Oracle MySQL Server up to 8.0.16 Privileges unknown vulnerability
15218| [138100] Oracle MySQL Server up to 5.6.44/5.7.18 Privileges unknown vulnerability
15219| [138099] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Compiling information disclosure
15220| [138098] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Plug-in unknown vulnerability
15221| [138097] Oracle MySQL Server up to 5.7.26/8.0.16 Client programs denial of service
15222| [138096] Oracle MySQL Server up to 8.0.16 Roles denial of service
15223| [138095] Oracle MySQL Server up to 8.0.16 Privileges denial of service
15224| [138094] Oracle MySQL Server up to 5.7.25/8.0.15 Replication denial of service
15225| [138093] Oracle MySQL Server up to 8.0.16 Options denial of service
15226| [138092] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15227| [138091] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15228| [138090] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15229| [138089] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15230| [138088] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15231| [138087] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15232| [138086] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15233| [138085] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
15234| [138084] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
15235| [138083] Oracle MySQL Server up to 8.0.12 GIS denial of service
15236| [138082] Oracle MySQL Server up to 8.0.16 FTS denial of service
15237| [138081] Oracle MySQL Server up to 8.0.16 DML denial of service
15238| [138080] Oracle MySQL Server up to 8.0.16 Components denial of service
15239| [138079] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Pluggable Auth denial of service
15240| [138078] Oracle MySQL Server up to 8.0.16 InnoDB denial of service
15241| [138077] Oracle MySQL Server up to 8.0.15 InnoDB denial of service
15242| [138076] Oracle MySQL Server up to 8.0.16 InnoDB denial of service
15243| [138074] Oracle MySQL Server up to 8.0.12 Roles denial of service
15244| [138073] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Log denial of service
15245| [138072] Oracle MySQL Server up to 5.7.26/8.0.16 Privileges unknown vulnerability
15246| [138071] Oracle MySQL Server up to 5.7.23 Replication unknown vulnerability
15247| [138070] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Audit unknown vulnerability
15248| [138069] Oracle MySQL Server up to 5.7.26/8.0.16 InnoDB unknown vulnerability
15249| [138068] Oracle MySQL Workbench up to 8.0.16 OpenSSL information disclosure
15250| [138067] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 XML denial of service
15251| [138066] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Parser denial of service
15252| [138065] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15253| [138064] Oracle MySQL Server up to 8.0.16 Optimizer denial of service
15254| [138063] Oracle MySQL Server up to 8.0.12 Data Dictionary denial of service
15255| [138062] Oracle MySQL Server up to 8.0.16 Charsets denial of service
15256| [138061] Oracle MySQL Server up to 8.0.16 Replication unknown vulnerability
15257| [138060] Oracle MySQL Server up to 8.0.16 InnoDB Cluster unknown vulnerability
15258| [138059] Oracle MySQL Enterprise Monitor up to 4.0.9/8.0.14 Spring Framework denial of service
15259| [138058] Oracle MySQL Server up to 5.7.26/8.0.15 cURL unknown vulnerability
15260| [133701] Oracle MySQL Server up to 8.0.15 Replication denial of service
15261| [133700] Oracle MySQL Server up to 8.0.15 Replication denial of service
15262| [133698] Oracle MySQL Server up to 8.0.15 Group Replication Plugin denial of service
15263| [133697] Oracle MySQL Server up to 8.0.15 Roles denial of service
15264| [133695] Oracle MySQL Server up to 8.0.15 Privileges denial of service
15265| [133691] Oracle MySQL Server up to 8.0.15 Replication denial of service
15266| [133687] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15267| [133686] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15268| [133685] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15269| [133684] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15270| [133683] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15271| [133682] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15272| [133681] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15273| [133680] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15274| [133677] Oracle MySQL Server up to 8.0.15 Information Schema denial of service
15275| [133676] Oracle MySQL Server up to 8.0.15 DDL denial of service
15276| [133675] Oracle MySQL Server up to 8.0.15 DDL denial of service
15277| [133672] Oracle MySQL Server up to 8.0.15 InnoDB denial of service
15278| [133668] Oracle MySQL Server up to 8.0.15 Replication denial of service
15279| [133666] Oracle MySQL Server up to 8.0.15 Options denial of service
15280| [133662] Oracle MySQL Connectors up to 8.0.15 Connector/J unknown vulnerability
15281| [133661] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15282| [133660] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15283| [133659] Oracle MySQL Server up to 8.0.15 Optimizer denial of service
15284| [129647] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
15285| [129646] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
15286| [129645] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Replication denial of service
15287| [129644] Oracle MySQL Server up to 5.7.24/8.0.13 Partition denial of service
15288| [129643] Oracle MySQL Server up to 8.0.13 Optimizer denial of service
15289| [129642] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
15290| [129641] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
15291| [129640] Oracle MySQL Server up to 5.7.24/8.0.13 Optimizer denial of service
15292| [129639] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 DDL denial of service
15293| [129638] Oracle MySQL Server up to 8.0.13 DDL denial of service
15294| [129637] Oracle MySQL Server up to 8.0.13 DDL denial of service
15295| [129636] Oracle MySQL Server up to 8.0.13 Connection denial of service
15296| [129635] Oracle MySQL Server up to 5.7.24/8.0.13 InnoDB denial of service
15297| [129634] Oracle MySQL Server up to 8.0.13 InnoDB denial of service
15298| [129631] Oracle MySQL Server up to 8.0.13 Replication denial of service
15299| [129630] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Connection Handling denial of service
15300| [129629] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Parser denial of service
15301| [129628] Oracle MySQL Server up to 5.7.24/8.0.13 Parser denial of service
15302| [129627] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 PS denial of service
15303| [129626] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
15304| [129625] Oracle MySQL Server up to 8.0.13 Privileges unknown vulnerability
15305| [129624] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Replication unknown vulnerability
15306| [129623] Oracle MySQL Workbench up to 8.0.13 OpenSSL denial of service
15307| [129622] Oracle MySQL Connectors up to 2.1.8/8.0.13 Connector/Python unknown vulnerability
15308| [129621] Oracle MySQL Workbench up to 8.0.13 unknown vulnerability
15309| [127905] Open Dental up to 18.3 MySQL Database Default Credentials weak authentication
15310| [127404] Drobo 5N2 NAS 4.0.5-13.28.96115 MySQL API Error Page cross site scripting
15311| [127403] Drobo 5N2 NAS 4.0.5-13.28.96115 /mysql/api/droboapp/data information disclosure
15312| [127400] Drobo 5N2 NAS 4.0.5-13.28.96115 Access Control /mysql/api/logfile.php Parameter information disclosure
15313| [127396] Drobo 5N2 NAS 4.0.5-13.28.96115 Access Control /mysql/api/drobo.php information disclosure
15314| [127395] Drobo 5N2 NAS 4.0.5-13.28.96115 Access Control /mysql/api/diags.php Parameter information disclosure
15315| [127350] Dell OpenManage Network Manager up to 6.4.x MySQL privilege escalation
15316| [126982] LAOBANCMS 2.0 install/mysql_hy.php directory traversal
15317| [126687] LAOBANCMS 2.0 mysql_hy.php privilege escalation
15318| [125937] mysql-binuuid-rails up to 1.1.0 Database Column sql injection
15319| [125825] ThinkPHP 3.2.4 Mysql.class.php parseKey Parameter sql injection
15320| [125568] Oracle MySQL Server up to 8.0.12 Privileges unknown vulnerability
15321| [125567] Oracle MySQL Server up to 5.7.23/8.0.12 Logging denial of service
15322| [125566] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
15323| [125565] Oracle MySQL Server up to 8.0.12 Windows denial of service
15324| [125564] Oracle MySQL Server up to 5.5.61/5.6.41/5.7.23/8.0.12 Storage Engines denial of service
15325| [125563] Oracle MySQL Server up to 8.0.12 Roles denial of service
15326| [125562] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 RBR denial of service
15327| [125561] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
15328| [125560] Oracle MySQL Server up to 8.0.12 Optimizer denial of service
15329| [125559] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 Memcached denial of service
15330| [125558] Oracle MySQL Server up to 8.0.12 JSON denial of service
15331| [125557] Oracle MySQL Server up to 8.0.12 Information Schema denial of service
15332| [125556] Oracle MySQL Server up to 8.0.12 DDL denial of service
15333| [125555] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125554] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125553] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125552] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125551] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
| [125549] Oracle MySQL Server up to 5.7.23/8.0.12 Optimizer denial of service
| [125548] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 Merge denial of service
| [125547] Oracle MySQL Server up to 8.0.12 DDL denial of service
| [125546] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125545] Oracle MySQL Server up to 5.7.23/8.0.12 Audit denial of service
| [125544] Oracle MySQL Server up to 8.0.12 Parser denial of service
| [125543] Oracle MySQL Server up to 5.5.61/5.6.41/5.7.23/8.0.12 Parser denial of service
| [125542] Oracle MySQL Server up to 8.0.12 Optimizer denial of service
| [125541] Oracle MySQL Server up to 8.0.12 Optimizer denial of service
| [125540] Oracle MySQL Server up to 8.0.12 DML denial of service
| [125539] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
| [125538] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
| [125537] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
| [125536] Oracle MySQL Server up to 5.7.23/8.0.12 Parser denial of service
| [125535] Oracle MySQL Server up to 5.5.61/5.6.41/5.7.23/8.0.12 InnoDB unknown vulnerability
| [125534] Oracle MySQL Enterprise Monitor up to 3.4.9.4237/4.0.6.5281/8.0.2.8191 Monitoring unknown vulnerability
| [125533] Oracle MySQL Connectors up to 8.0.12 Connector/J unknown vulnerability
| [125532] Oracle MySQL Enterprise Monitor up to 3.4.9.4237/4.0.6.5281/8.0.2.8191 Monitoring unknown vulnerability
| [125531] Oracle MySQL Enterprise Monitor up to 3.4.9.4237/4.0.6.5281/8.0.2.8191 Monitoring unknown vulnerability
| [125415] Oracle Enterprise Manager for MySQL Database 13.2 EM Plugin unknown vulnerability
| [122549] PHP up to 7.1.5 mysqli_real_escape_string memory corruption
| [122201] mysql_user Module up to 2.2.0 on Ansible Password Change weak authentication
| [121802] Oracle MySQL Server up to 8.0.11 DDL unknown vulnerability
| [121800] Oracle MySQL Server up to 5.5.60/5.6.40/5.7.22 Encryption weak encryption
| [121799] Oracle MySQL Server up to 5.5.60/5.6.40/5.7.22 Options unknown vulnerability
| [121798] Oracle MySQL Workbench up to 6.3.10 Encryption weak encryption
| [121797] Oracle MySQL Server up to 5.7.22/8.0.11 Privileges unknown vulnerability
| [121796] Oracle MySQL Server up to 5.5.60/5.6.40/5.7.22 MyISAM information disclosure
| [121795] Oracle MySQL Server up to 8.0.11 Privileges denial of service
| [121794] Oracle MySQL Server up to 5.5.60 Privileges denial of service
| [121793] Oracle MySQL Server up to 8.0.11 Replication denial of service
| [121792] Oracle MySQL Server up to 5.7.22 DML denial of service
| [121791] Oracle MySQL Server up to 8.0.11 DDL denial of service
| [121790] Oracle MySQL Server up to 8.0.11 DDL denial of service
| [121789] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
| [121788] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
| [121787] Oracle MySQL Server up to 8.0.11 InnoDB denial of service
| [121786] Oracle MySQL Server up to 5.7.22 Audit Log denial of service
| [121785] Oracle MySQL Client up to 5.5.60/5.6.40/5.7.22/8.0.11 Client Programs denial of service
| [121784] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 Memcached denial of service
| [121783] Oracle MySQL Server up to 8.0.11 Roles denial of service
| [121782] Oracle MySQL Workbench up to 8.0.11 denial of service
| [121781] Oracle MySQL Server up to 8.0.11 Optimizer denial of service
| [121780] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 Installing denial of service
| [121779] Oracle MySQL Server up to 5.7.22/8.0.11 DML denial of service
| [121778] Oracle MySQL Server up to 5.7.22/8.0.11 InnoDB denial of service
| [121777] Oracle MySQL Server up to 5.5.60/5.6.40/5.7.22 Client mysqldump denial of service
| [121776] Oracle MySQL Enterprise Monitor up to 3.4.7.4297/4.0.4.5235/8.0.0.8131 Monitoring denial of service
| [121775] Oracle MySQL Connectors up to 5.3.10/8.0.11 Connector/ODBC denial of service
| [121774] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 InnoDB denial of service
| [121773] Oracle MySQL Workbench up to 8.0.11 unknown vulnerability
| [121772] Oracle MySQL Enterprise Monitor up to 3.4.7.4297/4.0.4.5235/8.0.0.8131 Service Manager unknown vulnerability
| [121613] Oracle Enterprise Manager for MySQL Database up to 13.2.2.0.0 EM Plugin unknown vulnerability
| [120277] query-mysql 0.0.0/0.0.1/0.0.2 on Node.js sql injection
| [118340] mysqljs on Node.js Backdoor privilege escalation
| [118305] MySQL Module up to v2.0.0-alpha7 on Node.js mysql.escape sql injection
| [117517] MySQL Multi-Master Replication Manager 2.2.1 on Solaris mmm_agentd send_arp MMM Protocol Message command injection
| [117516] MySQL Multi-Master Replication Manager 2.2.1 on FreeBSD mmm_agentd clear_ip MMM Protocol Message command injection
| [117515] MySQL Multi-Master Replication Manager 2.2.1 on Solaris mmm_agentd clear_ip MMM Protocol Message command injection
| [117514] MySQL Multi-Master Replication Manager 2.2.1 on Linux mmm_agentd clear_ip MMM Protocol Message command injection
| [117513] MySQL Multi-Master Replication Manager 2.2.1 on FreeBSD mmm_agentd add_ip MMM Protocol Message command injection
| [117512] MySQL Multi-Master Replication Manager 2.2.1 on Solaris mmm_agentd add_ip MMM Protocol Message command injection
| [117511] MySQL Multi-Master Replication Manager 2.2.1 on Linux mmm_agentd add_ip MMM Protocol Message command injection
| [117510] MySQL Multi-Master Replication Manager 2.2.1 mmm_agentd _execute MMM Protocol Message command injection
| [117387] CSP MySQL User Manager 2.3.1 Username sql injection
| [116762] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 DDL information disclosure
| [116761] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 Locking denial of service
| [116759] Oracle MySQL Server up to 5.7.21 Group Replication GCS denial of service
| [116758] Oracle MySQL Server up to 5.7.21 Pluggable Auth denial of service
| [116757] Oracle MySQL Server up to 5.7.21 Performance Schema denial of service
| [116756] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116755] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 Optimizer denial of service
| [116754] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116753] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116752] Oracle MySQL Server up to 5.7.21 DML denial of service
| [116751] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 Privileges denial of service
| [116750] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
| [116749] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
| [116748] Oracle MySQL Server up to 5.6.39/5.7.21 InnoDB denial of service
| [116747] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
| [116745] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116744] Oracle MySQL Server up to 5.6.39/5.7.21 InnoDB denial of service
| [116743] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
| [116742] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 Client programs denial of service
| [116741] Oracle MySQL Enterprise Monitor up to 3.3.7.3306/3.4.5.4248/4.0.2.5168 Monitoring: Agent (OpenSSL) information disclosure
| [116740] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116739] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116738] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 DDL denial of service
| [116737] Oracle MySQL Server up to 5.6.39/5.7.21 Privileges denial of service
| [116736] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 InnoDB denial of service
| [116735] Oracle MySQL Server up to 5.6.39/5.7.21 InnoDB denial of service
| [116734] Oracle MySQL Server up to 5.6.39/5.7.21 InnoDB denial of service
| [116733] Oracle MySQL Server up to 5.6.39 GIS Extension denial of service
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [116620] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Spring Framework) unknown vulnerability
| [116619] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General unknown vulnerability
| [115836] Juniper Junos Space up to 13.3R1.7 MySQL Server Default Credentials weak authentication
| [115216] MySQL for PCF Tiles up to 1.7.9 AWS Access Key privilege escalation
| [114055] Couch up to 2.0 mysql2i.func.php Request information disclosure
| [112112] Oracle MySQL Server up to 5.6.38/5.7.20 Performance Schema information disclosure
| [112111] Oracle MySQL Server up to 5.6.38/5.7.20 Performance Schema denial of service
| [112110] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
| [112109] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
| [112108] Oracle MySQL Server up to 5.7.20 InnoDB denial of service
| [112107] Oracle MySQL Server up to 5.7.20 DML denial of service
| [112106] Oracle MySQL Server up to 5.7.20 DML denial of service
| [112105] Oracle MySQL Server up to 5.7.20 DML denial of service
| [112104] Oracle MySQL Server up to 5.6.38/5.7.19 Partition denial of service
| [112103] Oracle MySQL Server up to 5.6.38/5.7.20 Replication denial of service
| [112102] Oracle MySQL Server up to 5.6.38/5.7.20 Packaging information disclosure
| [112101] Oracle MySQL Enterprise Monitor up to 3.3.6.3293/3.4.4.4226/4.0.0.5135 Monitoring information disclosure
| [112100] Oracle MySQL Connectors up to 5.3.9 ODBC Connector information disclosure
| [112099] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.20 Optimizer denial of service
| [112098] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.20 Optimizer denial of service
| [112097] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.20 Optimizer denial of service
| [112096] Oracle MySQL Server up to 5.6.38/5.7.20 GIS denial of service
| [112095] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.20 DDL denial of service
| [112094] Oracle MySQL Server up to 5.6.38/5.7.20 Privileges denial of service
| [112093] Oracle MySQL Server up to 5.6.38/5.7.20 InnoDB denial of service
| [112092] Oracle MySQL Server up to 5.6.38/5.7.20 Stored Procedure denial of service
| [112091] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.19 Partition denial of service
| [112090] Oracle MySQL Server up to 5.6.38/5.7.20 Privileges denial of service
| [112089] Oracle MySQL Connectors up to 6.9.9/6.10.4 Connector/Net denial of service
| [112088] Oracle MySQL Enterprise Monitor up to 3.3.6.3293/3.4.4.4226/4.0.0.5135 Monitoring privilege escalation
| [110974] puppetlabs-mysql up to 3.6.0 Parameter weak authentication
| [108192] Oracle MySQL Server up to 5.7.18 InnoDB denial of service
| [108190] Oracle MySQL Server up to 5.6.37/5.7.19 InnoDB denial of service
| [108189] Oracle MySQL Server up to 5.7.18 Stored Procedure denial of service
| [108188] Oracle MySQL Server up to 5.7.19 Replication denial of service
| [108187] Oracle MySQL Server up to 5.6.37/5.7.19 Optimizer denial of service
| [108186] Oracle MySQL Server up to 5.6.36/5.7.18 Optimizer denial of service
| [108185] Oracle MySQL Server up to 5.6.37/5.7.19 Optimizer denial of service
| [108184] Oracle MySQL Server up to 5.6.37/5.7.19 Memcached denial of service
| [108183] Oracle MySQL Server up to 5.7.19 InnoDB denial of service
| [108182] Oracle MySQL Server up to 5.7.19 FTS denial of service
| [108181] Oracle MySQL Server up to 5.7.18 DML denial of service
| [108180] Oracle MySQL Server up to 5.7.19 Group Replication GCS denial of service
| [108179] Oracle MySQL Server up to 5.6.37/5.7.19 Performance Schema denial of service
| [108178] Oracle MySQL Connectors up to 6.9.9 Connector/Net denial of service
| [108177] Oracle MySQL Connectors up to 6.9.9 Connector/Net unknown vulnerability
| [108176] Oracle MySQL Server up to 5.5.57/5.6.37/5.7.11 Optimizer denial of service
| [108175] Oracle MySQL Server up to 5.7.19 Optimizer denial of service
| [108174] Oracle MySQL Server up to 5.6.37/5.7.19 FTS denial of service
| [108173] Oracle MySQL Server up to 5.5.57/5.6.37/5.7.19 DDL denial of service
| [108172] Oracle MySQL Server up to 5.5.57/5.6.37/5.7.19 Client programs information disclosure
| [108171] Oracle MySQL Server up to 5.6.35/5.7.18 OpenSSL denial of service
| [108170] Oracle MySQL Server up to 5.6.37/5.7.19 Pluggable Auth denial of service
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108168] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Web unknown vulnerability
| [104089] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 DDL unknown vulnerability
| [104088] Oracle MySQL Server up to 5.7.18 C API information disclosure
| [104087] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 DDL unknown vulnerability
| [104086] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 Client mysqldump unknown vulnerability
| [104085] Oracle MySQL Server up to 5.6.36/5.7.18 Replication denial of service
| [104084] Oracle MySQL Server up to 5.6.36/5.7.18 Replication denial of service
| [104083] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 Charsets denial of service
| [104082] Oracle MySQL Cluster up to 7.3.5 CLSTCONF memory corruption
| [104081] Oracle MySQL Server up to 5.7.16 X Plugin denial of service
| [104080] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
| [104079] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
| [104078] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
| [104077] Oracle MySQL Server up to 5.7.18 DML denial of service
| [104076] Oracle MySQL Server up to 5.7.18 DML denial of service
| [104075] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 DML denial of service
| [104074] Oracle MySQL Server up to 5.7.18 DML denial of service
| [104073] Oracle MySQL Server up to 5.7.18 DML denial of service
| [104072] Oracle MySQL Server up to 5.7.18 X Plugin denial of service
| [104071] Oracle MySQL Server up to 5.7.18 UDF denial of service
| [104069] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 C API denial of service
| [104068] Oracle MySQL Connectors up to 6.1.10 Connector/C denial of service
| [104067] Oracle MySQL Server up to 5.6.35/5.7.17 OpenSSL unknown vulnerability
| [104066] Oracle MySQL Connectors up to 5.3.7 OpenSSL unknown vulnerability
| [104065] Oracle MySQL Connectors up to 6.1.9 OpenSSL unknown vulnerability
| [104064] Oracle MySQL Server up to 5.6.36/5.7.18 DML denial of service
| [104063] Oracle MySQL Server up to 5.6.36/5.7.18 Memcached denial of service
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103583] phpMyAdmin 4.0/4.4/4.6 MySQL Database Connection privilege escalation
| [103578] MySQL Dumper 1.24 Stored cross site scripting
| [102980] DBD::mysql Module up to 4.043 on Perl SSL weak encryption
| [102979] DBD::mysql Module up to 4.043 on Perl Error Use-After-Free memory corruption
| [102618] KBVault Mysql Free Knowledge Base 0.16a File Upload Explorer.aspx privilege escalation
| [100915] Accellion FTA communication_p2p.php mysql_real_escape_string sql injection
| [100543] Oracle MySQL up to 5.1.40 Connector/J privilege escalation
| [100232] Oracle MySQL Server up to 5.7.17 Encryption weak encryption
| [100231] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Monitoring denial of service
| [100228] Oracle MySQL Workbench up to 6.3.8 Encryption information disclosure
| [100227] Oracle MySQL Server up to 5.7.17 C API information disclosure
| [100226] Oracle MySQL Server up to 5.7.17 Privileges unknown vulnerability
| [100225] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 DDL unknown vulnerability
| [100224] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Privileges denial of service
| [100223] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Privileges denial of service
| [100222] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Privileges denial of service
| [100221] Oracle MySQL Server up to 5.7.17 Optimizer denial of service
| [100220] Oracle MySQL Server up to 5.7.17 DML denial of service
| [100219] Oracle MySQL Server up to 5.7.17 DML denial of service
| [100218] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 DML denial of service
| [100217] Oracle MySQL Server up to 5.7.17 Audit Plug-in denial of service
| [100215] Oracle MySQL Server up to 5.5.54/5.6.35 C API information disclosure
| [100214] Oracle MySQL Server up to 5.7.17 Privileges unknown vulnerability
| [100213] Oracle MySQL Cluster up to 7.2.27/7.3.16/7.4.14/7.5.5 DD denial of service
| [100212] Oracle MySQL Server up to 5.7.17 InnoDB denial of service
| [100211] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 OpenSSL information disclosure
| [100210] Oracle MySQL Enterprise Backup up to 3.12.3/4.0.3 ENTRBACK information disclosure
| [100209] Oracle MySQL Connectors up to 5.1.41 Connector/J unknown vulnerability
| [100208] Oracle MySQL Server up to 5.6.35 Optimizer denial of service
| [100207] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Optimizer denial of service
| [100206] Oracle MySQL Server up to 5.7.17 DML denial of service
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100204] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Client mysqldump unknown vulnerability
| [100203] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Thread Pooling denial of service
| [100202] Oracle MySQL Server up to 5.6.35/5.7.17 Pluggable Auth Integer denial of service
| [100201] Oracle MySQL Server up to 5.6.35/5.7.17 Memcached denial of service
| [100200] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Optimizer denial of service
| [100199] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 DML denial of service
| [100198] Oracle MySQL Workbench up to 6.3.7 OpenSSL memory corruption
| [100197] Oracle MySQL Enterprise Backup up to 3.12.2/4.0.1 ENTRBACK memory corruption
| [100196] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Monitoring: Server denial of service
| [100195] Oracle MySQL Workbench up to 6.3.8 OpenSSL denial of service
| [100194] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Struts 2 privilege escalation
| [99815] ATutor 2.2.1 mysql_connect.inc.php searchFriends sql injection
| [97041] MySQL DBD::mysql up to 4.38 denial of service
| [96814] MariaDB up to 5.5.54/10.0.29/10.1.21/10.2.3 libmysqlclient.so denial of service
| [96808] Oracle MySQL up to 5.6.21/5.7.4 libmysqlclient.so denial of service
| [95832] Zabbix up to 2.0.17/2.2.12/3.0.2 Configuration Script userparameter_mysql.conf) privilege escalation
| [95730] Oracle MySQL Server up to 5.7.16 Encryption weak encryption
| [95729] Oracle MySQL Server up to 5.7.16 X Plugin unknown vulnerability
| [95728] Oracle MySQL Cluster 7.2.25/7.3.14/7.4.12 Cluster NDBAPI denial of service
| [95727] Oracle MySQL Cluster 7.2.25/7.3.14/7.4.12 denial of service
| [95726] Oracle MySQL Cluster 7.2.19/7.3.8/7.4.5 denial of service
| [95723] Oracle MySQL Server 5.6.34/5.7.16 Replication denial of service
| [95722] Oracle MySQL Server up to 5.5.53 Charsets denial of service
| [95720] Oracle MySQL Cluster 7.2.26/7.3.14/7.4.12 NDBAPI denial of service
| [95719] Oracle MySQL Server up to 5.7.16 Optimizer denial of service
| [95716] Oracle MySQL Server up to 5.7.16 Replication denial of service
| [95715] Oracle MySQL Server 5.5.53/5.6.34/5.7.16 Optimizer denial of service
| [95714] Oracle MySQL Server 5.6.34 5.7.16 InnoDB denial of service
| [95713] Oracle MySQL Server 5.5.53/5.6.34/5.7.16 DML denial of service
| [95712] Oracle MySQL Server 5.6.34/5.7.16 DDL denial of service
| [95711] Oracle MySQL Server 5.5.53/5.6.34/5.7.16 DDL denial of service
| [95709] Oracle MySQL Server 5.6.34/5.7.16 Encryption denial of service
| [95708] Oracle MySQL Enterprise Monitor 3.1.3.7856 Monitoring Agent memory corruption
| [95707] Oracle MySQL Enterprise Monitor 3.1.4.7895/3.2.4.1102/3.3.0.1098 Monitoring denial of service
| [95706] Oracle MySQL Enterprise Monitor 3.1.4.7895/3.2.1.1049 Monitoring memory corruption
| [95705] Oracle MySQL Enterprise Monitor 3.1.5.7958/3.2.1.1049, Monitoring privilege escalation
| [95704] Oracle MySQL Enterprise Monitor 3.1.4.7895/3.2.1.1049 Monitoring unknown vulnerability
| [93866] DBD-mysql up to 3.x/4.040 on Perl Use-After-Free memory corruption
| [92923] Oracle MySQL Server up to 5.6.33/5.7.15 Encryption denial of service
| [92911] Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 MySQL weak encryption
| [92900] Oracle MySQL Server up to 5.5.51/5.6.32/5.7.14 Optimizer denial of service
| [92899] Oracle MySQL Server up to 5.6.31/5.7.13 InnoDB denial of service
| [92898] Oracle MySQL Server up to 5.5.51/5.6.32/5.7.14 GIS denial of service
| [92897] Oracle MySQL Server up to 5.5.51 DML denial of service
| [92896] Oracle MySQL Server up to 5.5.50/5.6.31/5.7.13 DML denial of service
| [92895] Oracle MySQL Server up to 5.6.31 5.7.13 DML denial of service
| [92874] Oracle MySQL Connector up to 2.1.3/2.0.4 Connector/Python unknown vulnerability
| [92850] Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 MySQL denial of service
| [92835] Oracle MySQL Server up to 5.7.13 Audit denial of service
| [92834] Oracle MySQL Server up to 5.7.13 RBR denial of service
| [92833] Oracle MySQL Server up to 5.7.13 Performance Schema denial of service
| [92832] Oracle MySQL Server up to 5.7.14 Optimizer denial of service
| [92831] Oracle MySQL Server up to 5.7.13 Memcached denial of service
| [92830] Oracle MySQL Server up to 5.6.32/5.7.14 InnoDB denial of service
| [92829] Oracle MySQL Server up to 5.6.31 5.7.13 InnoDB denial of service
| [92828] Oracle MySQL Server up to 5.7.13 InnoDB denial of service
| [92827] Oracle MySQL Server up to 5.5.51/5.6.32/5.7.14 Federated denial of service
| [92826] Oracle MySQL Server up to 5.7.13 DML denial of service
| [92821] Oracle MySQL Server up to 5.7.13 Replication denial of service
| [92820] Oracle MySQL Server up to 5.7.13 Performance Schema denial of service
| [92819] Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 MySQL denial of service
| [92818] Oracle MySQL Server up to 5.5.52/5.6.33/5.7.15 Encryption information disclosure
| [92817] Oracle MySQL Server up to 5.5.51/5.6.32/5.7.14 Types denial of service
| [92815] Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 MySQL denial of service
| [92814] Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 MySQL denial of service
| [92813] Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 MySQL denial of service
| [92798] Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 MySQL denial of service
| [92797] Oracle Communications Policy Management up to 9.7.3/9.9.1/10.4.1/12.1.1 MySQL denial of service
| [92790] Oracle MySQL Server up to 5.7.14 Privileges information disclosure
| [92789] Oracle MySQL Server up to 5.6.30/5.7.12 InnoDB Plugin unknown vulnerability
| [92292] libdbd-mysql-perl 4.028 Error Message denial of service
| [91920] Open Dental up to 16.1 MySQL Server Default Credentials weak authentication
| [91625] PHP up to 5.6.25/7.0.10 mysqlnd Heap-based memory corruption
| [91505] Oracle MySQL up to 5.5.52/5.6.33/5.7.15 Logging my.cnf privilege escalation
| [90877] DBD::mysql up to 4.033 my_login memory corruption
| [90876] DBD::mysql up to 4.028 Use-After-Free memory corruption
| [90137] Oracle MySQL Server up to 5.5.48/5.6.29/5.7.10 Encryption information disclosure
| [90136] Oracle MySQL Server up to 5.5.48/5.6.29/5.7.11 Connection information disclosure
| [90134] Oracle MySQL Server up to 5.7.12 Encryption denial of service
| [90133] Oracle MySQL Server up to 5.7.12 Replication denial of service
| [90132] Oracle MySQL Server up to 5.5.49/5.6.30/5.7.12 RBR denial of service
| [90131] Oracle MySQL Server up to 5.6.30/5.7.12 Privileges denial of service
| [90130] Oracle MySQL Server up to 5.7.12 Optimizer denial of service
| [90129] Oracle MySQL Server up to 5.7.12 Log denial of service
| [90128] Oracle MySQL Server up to 5.6.30/5.7.12 InnoDB denial of service
| [90127] Oracle MySQL Server up to 5.7.12 InnoDB denial of service
| [90126] Oracle MySQL Server up to 5.6.30/5.7.12 Encryption denial of service
| [90125] Oracle MySQL Server up to 5.5.49/5.6.30/5.7.12 DML denial of service
| [90124] Oracle MySQL Server up to 5.7.12 InnoDB memory corruption
| [90123] Oracle MySQL Server up to 5.5.49/5.6.30/5.7.12 Types denial of service
| [90122] Oracle MySQL Server up to 5.7.12 Optimizer denial of service
| [90121] Oracle MySQL Server up to 5.6.30/5.7.12 Optimizer denial of service
| [90120] Oracle MySQL Server up to 5.6.30/5.7.12 FTS denial of service
| [90118] Oracle MySQL Server up to 5.6.30/5.7.12 Encryption denial of service
| [90117] Oracle MySQL Server up to 5.7.11 Optimizer denial of service
| [87408] PHP up to 5.4.42/5.5.26/5.6.10 SSL ext/mysqlnd/mysqlnd.c weak encryption
| [82687] Oracle MySQL Server up to 5.5.48/5.6.29/5.7.11 Connection Handling spoofing
| [82685] Oracle MySQL Enterprise Monitor up to 3.0.25/3.1.2 Monitoring unknown vulnerability
| [82684] Oracle MySQL Server up to 5.6.28/5.7.10 Encryption denial of service
| [82683] Oracle MySQL Server up to 5.6.29/5.7.11 Pluggable Authentication unknown vulnerability
| [82682] Oracle MySQL Server up to 5.6.29/5.7.11 Packaging memory corruption
| [80605] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 Privileges denial of service
| [80604] Oracle MySQL Server up to 5.6.26 denial of service
| [80603] Oracle MySQL Server up to 5.5.45/5.6.26 Encryption information disclosure
| [80602] Oracle MySQL Server up to 5.6.27/5.7.9 Replication denial of service
| [80601] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 UDF denial of service
| [80600] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 Encryption weak encryption
| [80599] Oracle MySQL Server 5.7.9 Partition denial of service
| [80598] Oracle MySQL Server 5.7.9 Optimizer denial of service
| [80597] Oracle MySQL Server up to 5.6.27 InnoDB denial of service
| [80596] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 InnoDB denial of service
| [80595] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 DML denial of service
| [80594] Oracle MySQL Server up to 5.5.46 Optimizer denial of service
| [80593] Oracle MySQL Server up to 5.6.27/5.7.9 Optimizer denial of service
| [80592] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 Optimizer denial of service
| [80591] Oracle MySQL Server up to 5.5.31/5.6.11 Optimizer denial of service
| [80590] Oracle MySQL Server up to 5.5.46/5.6.27 DML denial of service
| [80589] Oracle MySQL Server up to 5.6.27/5.7.9 DML denial of service
| [80588] Oracle MySQL Server up to 5.6.27 DML denial of service
| [80587] Oracle MySQL Server up to 5.6.21 DML denial of service
| [80586] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 Options unknown vulnerability
| [80585] Oracle MySQL Server up to 5.6.27/5.7.9 DML memory corruption
| [80184] Rename Plugin 1.0 on WordPress mysqldump_download.php directory traversal
| [78705] Oracle MySQL Server up to 5.5.45/5.6.26 Partition denial of service
| [78703] Oracle MySQL Server up to 5.6.26 Memcached denial of service
| [78702] Oracle MySQL Server up to 5.5.45/5.6.26 SP denial of service
| [78701] Oracle MySQL Server up to 5.5.43/5.6.24 Privileges information disclosure
| [78700] Oracle MySQL Server up to 5.6.26 Privileges denial of service
| [78699] Oracle MySQL Server up to 5.6.26 Replication denial of service
| [78698] Oracle MySQL Server up to 5.5.45/5.6.26 Query Cache denial of service
| [78697] Oracle MySQL Server up to 5.5.45/5.6.26 InnoDB denial of service
| [78696] Oracle MySQL Server up to 5.6.25 InnoDB denial of service
| [78695] Oracle MySQL Server up to 5.5.45/5.6.26 DML denial of service
| [78694] Oracle MySQL Server up to 5.6.25 libmysqld denial of service
| [78693] Oracle MySQL Server up to 5.5.45/5.6.26 Types unknown vulnerability
| [78692] Oracle MySQL Server up to 5.6.20 Types denial of service
| [78691] Oracle MySQL Server up to 5.5.45/5.6.26 Privileges unknown vulnerability
| [78690] Oracle MySQL Server up to 5.6.25 Partition denial of service
| [78689] Oracle MySQL Server up to 5.5.45/5.6.26 Partition denial of service
| [78688] Oracle MySQL Server up to 5.5.45/5.6.26 Parser denial of service
| [78687] Oracle MySQL Server up to 5.6.26 Optimizer denial of service
| [78686] Oracle MySQL Server up to 5.5.44 InnoDB denial of service
| [78685] Oracle MySQL Server up to 5.6.23 InnoDB denial of service
| [78684] Oracle MySQL Server up to 5.6.26 DML denial of service
| [78683] Oracle MySQL Server up to 5.5.45/5.6.26 DML denial of service
| [78682] Oracle MySQL Server up to 5.6.23 DML denial of service
| [78681] Oracle MySQL Server up to 5.5.45/5.6.26 DDL denial of service
| [78680] Oracle MySQL Server up to 5.5.44/5.6.25 DML unknown vulnerability
| [78679] Oracle MySQL Enterprise Monitor up to 2.3.20/3.0.20 C-Agent / Service Manager denial of service
| [78678] Oracle MySQL Server up to 5.6.25 Encryption spoofing
| [78676] Oracle MySQL Enterprise Monitor up to 2.3.20/3.0.22 C-Agent denial of service
| [77699] JSP/MySQL Administrador Web 1 sys/sys/listaBD2.jsp cross site scripting
| [77698] JSP/MySQL Administrador Web 1 sys/sys/listaBD2.jsp cross site request forgery
| [76704] Oracle MySQL Server up to 5.6.24 Partition denial of service
| [76703] Oracle MySQL Server up to 5.6.24 RBR denial of service
| [76701] Oracle MySQL Server up to 5.6.24 Firewall denial of service
| [76699] Oracle MySQL Server up to 5.6.24 Firewall denial of service
| [76695] Oracle MySQL Server up to 5.6.24 MemCached denial of service
| [76691] Oracle MySQL Server up to 5.5.42 Optimizer denial of service
| [76690] Oracle MySQL Server up to 5.6.22 InnoDB denial of service
| [76686] Oracle MySQL Server up to 5.5.43/5.6.24 denial of service
| [76671] Oracle MySQL Server up to 5.5.43/5.6.23 Pluggable Auth information disclosure
| [76634] Oracle MySQL Server up to 5.5.43/5.6.24 DML denial of service
| [76629] Oracle MySQL Server up to 5.5.43/5.6.24 Optimizer denial of service
| [76628] Oracle MySQL Server up to 5.6.24 denial of service
| [76626] Oracle MySQL Server up to 5.6.24 Firewall information disclosure
| [76608] Oracle MySQL Server up to 5.5.43/5.6.23 information disclosure
| [76605] Oracle MySQL Server up to 5.6.24 Partition information disclosure
| [76599] Oracle MySQL Server up to 5.6.24 DML information disclosure
| [76571] Oracle MySQL Server up to 5.5.43/5.6.24 GIS denial of service
| [76081] MySQL Lite Administrator Beta-1 tabella.php cross site scripting
| [75579] lighttpd 1.4.35 Log File mod_mysql_vhost.c privilege escalation
| [75159] Oracle MySQL up to 5.7.2 SSL Client weak encryption
| [74969] Oracle MySQL Server up to 5.6.23 Replication denial of service
| [74967] Oracle MySQL Server up to 5.6.23 SP denial of service
| [74966] Oracle MySQL Server up to 5.6.22 DML weak encryption
| [74965] Oracle MySQL Server up to 5.6.23 Privileges denial of service
| [74964] Oracle MySQL Server up to 5.6.23 Memcached denial of service
| [74963] Oracle MySQL Server up to 5.6.23 InnoDB denial of service
| [74962] Oracle MySQL Server up to 5.5.42/5.6.23 Federated unknown vulnerability
| [74961] Oracle MySQL Server up to 5.5.42/5.6.23 DDL unknown vulnerability
| [74960] Oracle MySQL Server up to 5.6.22 XA weak encryption
| [74959] Oracle MySQL Server up to 5.5.41/5.6.22 Encryption weak encryption
| [74958] Oracle MySQL Server up to 5.6.23 Partition denial of service
| [74957] Oracle MySQL Server up to 5.6.22 Partition weak encryption
| [74956] Oracle MySQL Server up to 5.5.42/5.6.23 Optimizer unknown vulnerability
| [74955] Oracle MySQL Server up to 5.6.22 Optimizer weak encryption
| [74954] Oracle MySQL Server up to 5.5.41/5.6.22 DML unknown vulnerability
| [74953] Oracle MySQL Server up to 5.6.23 InnoDB denial of service
| [74952] Oracle MySQL Server up to 5.6.22 InnoDB weak encryption
| [74951] Oracle MySQL Server up to 5.6.23 Information Schema denial of service
| [74950] Oracle MySQL Server up to 5.5.41/5.6.22 DDL unknown vulnerability
| [74949] Oracle MySQL Connectors up to 5.1.34 Connector/J unknown vulnerability
| [74948] Oracle MySQL Server up to 5.5.41/5.6.22 Privileges unknown vulnerability
| [74947] Oracle MySQL Server up to 5.6.22 Encryption s23_srvr.c ssl23_get_client_hello denial of service
| [74946] Oracle MySQL Server up to 5.5.42/5.6.23 Compiling unknown vulnerability
| [74945] Oracle MySQL Enterprise Monitor up to 2.3.19/3.0.18 Service Manager s:token/ cross site request forgery
| [74944] Oracle MySQL Enterprise Monitor up to 2.3.16/3.0.10 Service Manager memory corruption
| [68810] Oracle MySQL Server up to 5.5.40/5.6.21 Foreign Key information disclosure
| [68809] Oracle MySQL Server up to 5.6.21 Pluggable Auth denial of service
| [68808] Oracle MySQL Server up to 5.5.40/5.6.21 DML denial of service
| [68807] Oracle MySQL Server up to 5.6.21 Optimizer denial of service
| [68806] Oracle MySQL Server up to 5.5.40 Foreign Key denial of service
| [68805] Oracle MySQL Server up to 5.5.38/5.6.19 DDL denial of service
| [68804] Oracle MySQL Server up to 5.5.40/5.6.21 Replication denial of service
| [68803] Oracle MySQL Server up to 5.5.40/5.6.21 Replication denial of service
| [68802] Oracle MySQL Server up to 5.5.40/5.6.21 Encryption weak encryption
| [67988] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
| [67987] Oracle MySQL Server up to 5.6.19 denial of service
15757| [67986] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
15758| [67985] Oracle MySQL Server up to 5.6.19 denial of service
15759| [67984] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
15760| [67983] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
15761| [67982] Oracle MySQL Server up to 5.5.38 denial of service
15762| [67981] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
15763| [67979] Oracle MySQL Server up to 5.5.38/5.6.19 unknown vulnerability
15764| [67978] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
15765| [67977] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
15766| [67976] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
15767| [67975] Oracle MySQL Server up to 5.5.39/5.6.20 information disclosure
15768| [67974] Oracle MySQL Server up to 5.5.38/5.6.19 Messages Stack-Based sql injection
15769| [67973] Oracle MySQL Server up to 5.6.19 unknown vulnerability
15770| [67972] Oracle MySQL Server up to 5.5.39/5.6.20 unknown vulnerability
15771| [67971] Oracle MySQL Server up to 5.5.38/5.6.19 unknown vulnerability
15772| [67970] Oracle MySQL Server up to 5.6.19 Messages NULL Pointer Dereference denial of service
15773| [67969] Oracle MySQL Server up to 5.5.39/5.6.20 directory traversal
15774| [67968] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
15775| [67967] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
15776| [67966] Oracle MySQL Server up to 5.5.39/5.6.20 unknown vulnerability
15777| [68555] McAfee Network Data Loss Prevention 9.2.0 MySQL Database weak authentication
15778| [67245] phpMyAdmin up to 4.2.5 MySQL User List server_user_groups.php privilege escalation
15779| [67166] Oracle MySQL Server up to 5.5.35/5.6.15 denial of service
15780| [67165] Oracle MySQL Server up to 5.6.17 denial of service
15781| [67163] Oracle MySQL Server up to 5.6.17 denial of service
15782| [67162] Oracle MySQL Server up to 5.5.37 denial of service
15783| [67161] Oracle MySQL Server up to 5.6.17 denial of service
15784| [67160] Oracle MySQL Server up to 5.5.37 denial of service
15785| [67159] Oracle MySQL Server up to 5.5.37/5.6.17 unknown vulnerability
15786| [67158] Oracle MySQL Server up to 5.5.37/5.6.17 unknown vulnerability
15787| [67157] Oracle MySQL Server up to 5.6.17 unknown vulnerability
15788| [13065] Django up to 1.7 MySQL Typecast privilege escalation
15789| [12983] Oracle MySQL Server up to 5.5.36/5.6.16 Options denial of service
15790| [12982] Oracle MySQL Server up to 5.5.35/5.6.15 Federated denial of service
15791| [12981] Oracle MySQL Server up to 5.5.35/5.6.15 Replication denial of service
15792| [12980] Oracle MySQL Server up to 5.6.15 Privileges denial of service
15793| [12979] Oracle MySQL Server up to 5.5.36/5.6.16 Performance Schema denial of service
15794| [12978] Oracle MySQL Server up to 5.5.35/5.6.15 XML denial of service
15795| [12977] Oracle MySQL Server up to 5.5.35/5.6.15 Partition denial of service
15796| [12976] Oracle MySQL Server up to 5.6.15 Optimizer denial of service
15797| [12975] Oracle MySQL Server up to 5.6.15 MyISAM denial of service
15798| [12974] Oracle MySQL Server up to 5.6.16 InnoDB denial of service
15799| [12973] Oracle MySQL Server up to 5.6.15 DML denial of service
15800| [12972] Oracle MySQL Client up to 5.5.36/5.6.16 unknown vulnerability
15801| [12971] Oracle MySQL Server up to 5.5.36/5.6.16 RBR unknown vulnerability
15802| [12970] Oracle MySQL Server up to 5.6.15 InnoDB unknown vulnerability
15803| [12613] lighttpd up to 1.4.34 MySQL Virtual Hosting Module mod_mysql_vhost.c sql injection
15804| [12135] Oracle MySQL client/mysql.cc Server Version memory corruption
15805| [66191] Cisco Video Surveillance Operations Manager MySQL Database denial of service
15806| [66079] CSP MySQL User Manager 2.3 Login Page sql injection
15807| [11948] Oracle MySQL Server up to 5.1.72/5.5.34/5.6.14 Error Handling Crash denial of service
15808| [11947] Oracle MySQL Server up to 5.5.34/5.6.14 Replication denial of service
15809| [11946] Oracle MySQL Server up to 5.6.13 Performance Schema Stored denial of service
15810| [11945] Oracle MySQL Server up to 5.1.71/5.5.33/5.6.13 InnoDB memory corruption
15811| [11944] Oracle MySQL Server up to 5.1.72/5.5.34/5.6.14 Optimizer Crash denial of service
15812| [11943] Oracle MySQL Server up to 5.6.14 InnoDB Stored denial of service
15813| [11942] Oracle MySQL Server up to 5.6.13 FTS Stored denial of service
15814| [11941] Oracle MySQL Server up to 5.1.72/5.5.34/5.6.14 Privileges Crash denial of service
15815| [11940] Oracle MySQL Server up to 5.5.33/5.6.13 Partition denial of service
15816| [11939] Oracle MySQL Server up to 5.1.71/5.5.33/5.6.13 Optimizer Crash denial of service
15817| [11938] Oracle MySQL Server up to 5.1.71/5.5.33/5.6.13 Locking Crash denial of service
15818| [11937] Oracle MySQL Server up to 5.1.72/5.5.34/5.6.14 InnoDB Crash denial of service
15819| [11936] Oracle MySQL Server up to 5.6.14 InnoDB Stored denial of service
15820| [11935] Oracle MySQL Server up to 5.6.13 InnoDB Stored denial of service
15821| [11934] Oracle MySQL Server up to 5.6.13 Thread Pooling Stored denial of service
15822| [11933] Oracle MySQL Server up to 5.6.13 Stored Procedure denial of service
15823| [11932] Oracle MySQL Server up to 5.6.14 GIS Stored denial of service
15824| [11931] Oracle MySQL Enterprise Monitor up to 2.3.14/3.0.4 Service Manager unknown vulnerability
15825| [10822] Oracle MySQL Server up to 5.6.12 Locking unknown vulnerability
15826| [10821] Oracle MySQL Server up to 5.6.12 InnoDB unknown vulnerability
15827| [10820] Oracle MySQL Server up to 5.6.12 Optimizer unknown vulnerability
15828| [10819] Oracle MySQL Server up to 5.1.70/5.5.32/5.6.12 Optimizer memory corruption
15829| [10818] Oracle MySQL Server up to 5.1/5.5.22 Optimizer denial of service
15830| [10817] Oracle MySQL Server up to 5.6.12 InnoDB unknown vulnerability
15831| [10816] Oracle MySQL Server up to 5.5.32/5.6.12 Replication unknown vulnerability
15832| [10815] Oracle MySQL Enterprise Monitor up to 2.3.13 Service Manager privilege escalation
15833| [65143] MariaDB up to 5.5.28 MySQL privilege escalation
15834| [9672] Oracle MySQL Server up to 5.6.11 XA Transactions denial of service
15835| [9671] Oracle MySQL Server up to 5.5.31/5.6.11 Server Replication denial of service
15836| [9670] Oracle MySQL Server up to 5.6.11 InnoDB denial of service
15837| [9669] Oracle MySQL Server up to 5.6.11 Server Privileges unknown vulnerability
15838| [9668] Oracle MySQL Server up to 5.5.30/5.6.10 Server Partition Stored unknown vulnerability
15839| [9667] Oracle MySQL Server up to 5.5.31 Server Parser denial of service
15840| [9666] Oracle MySQL Server up to 5.5.30/5.6.10 Server Options Stored unknown vulnerability
15841| [9665] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Server Options denial of service
15842| [9664] Oracle MySQL Server up to 5.6.11 Server Optimizer unknown vulnerability
15843| [9663] Oracle MySQL Server up to 5.1.69/5.5.31/5.6.11 Server Optimizer denial of service
15844| [9662] Oracle MySQL Server up to 5.5.30/5.6.10 Prepared Statement Stored unknown vulnerability
15845| [9661] Oracle MySQL Server up to 5.6.11 InnoDB denial of service
15846| [9660] Oracle MySQL Server up to 5.1.69/5.5.31/5.6.11 Full Text Search denial of service
15847| [9659] Oracle MySQL Server up to 5.6.11 Data Manipulation Language unknown vulnerability
15848| [9658] Oracle MySQL Server up to 5.5.31/5.6.11 Data Manipulation Language denial of service
15849| [9657] Oracle MySQL Server up to 5.5.31/5.6.11 Audit Log information disclosure
15850| [9656] Oracle MySQL Server up to 5.6.11 MemCached unknown vulnerability
15851| [9655] Oracle MySQL Server up to 5.1.69/5.5.31/5.6.11 GIS Crash denial of service
15852| [64198] Wireshark up to 1.8.6 MySQL Dissector Integer denial of service
15853| [64010] Ruby on Rails 3.1.0 MySQL Database Stored unknown vulnerability
15854| [8418] Oracle MySQL Server up to 5.1.67/5.5.29/5.6.10 Server Locking unknown vulnerability
15855| [8416] Oracle MySQL Server up to 5.1.63 Server Types unknown vulnerability
15856| [8415] Oracle MySQL Server up to 5.6.10 Server Privileges denial of service
15857| [8414] Oracle MySQL Server up to 5.6.10 InnoDB denial of service
15858| [8413] Oracle MySQL Server up to 5.5.30/5.6.10 InnoDB unknown vulnerability
15859| [8412] Oracle MySQL Server up to 5.6.10 Data Manipulation Language denial of service
15860| [8411] Oracle MySQL Server up to 5.5.30/5.6.10 Stored Procedure unknown vulnerability
15861| [8410] Oracle MySQL Server up to 5.1.67/5.5.29 Server XML denial of service
15862| [8409] Oracle MySQL Server up to 5.5.29 Server Replication denial of service
15863| [8408] Oracle MySQL Server up to 5.1.67/5.5.29 Server Partition unknown vulnerability
15864| [8407] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Server Optimizer unknown vulnerability
15865| [8406] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 InnoDB unknown vulnerability
15866| [8405] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Information Schema unknown vulnerability
15867| [8404] Oracle MySQL Server up to 5.5.29 Data Manipulation Language denial of service
15868| [8403] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Data Manipulation Language unknown vulnerability
15869| [8402] Oracle MySQL Server up to 5.5.29/5.6.10 Server Optimizer denial of service
15870| [8401] Oracle MySQL Server up to 5.6.10 MemCached denial of service
15871| [8400] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Server Privileges unknown vulnerability
15872| [8399] Oracle MySQL Server up to 5.1.66/5.5.28 Server Privileges unknown vulnerability
15873| [8398] Oracle MySQL Server up to 5.1.67/5.5.29 unknown vulnerability
15874| [8397] Oracle MySQL Server up to 5.1.67/5.5.29/5.6.10 Information Schema unknown vulnerability
15875| [8396] Oracle MySQL Server up to 5.1.67/5.5.29 Server Locking unknown vulnerability
15876| [8395] Oracle MySQL Server up to 5.6.10 Data Manipulation Language denial of service
15877| [10871] Oracle MySQL 5.3.12/5.5.30/10.0.1 MyISAM Engine init_search SELECT Statement denial of service
15878| [8065] Oracle MySQL up to 5.5.27 yaSSL memory corruption
15879| [8064] Oracle MySQL up to 5.5.29 yaSSL memory corruption
15880| [8816] Wireshark up to 1.8.5 MySQL Dissector packet-mysql.c Packet denial of service
15881| [8019] Oracle MySQL 5.2.11 Representation Converter Eingabe Crash denial of service
15882| [7431] Oracle MySQL Server up to 5.5.28 Privileges denial of service
15883| [7430] Oracle MySQL Server up to 5.5.28 Partition denial of service
15884| [7429] Oracle MySQL Server up to 5.5.28 Optimizer denial of service
15885| [7428] Oracle MySQL Server up to 5.1.66/5.5.28 Optimizer unknown vulnerability
15886| [7427] Oracle MySQL Server up to 5.1.66/5.5.28 unknown vulnerability
15887| [7426] Oracle MySQL Server up to 5.5.28 MyISAM denial of service
15888| [7425] Oracle MySQL Server up to 5.1.66/5.5.28 InnoDB unknown vulnerability
15889| [7424] Oracle MySQL Server up to 5.5.28 InnoDB denial of service
15890| [7423] Oracle MySQL Server up to 5.1.66/5.5.28 Locking unknown vulnerability
15891| [7422] Oracle MySQL Server up to 5.1.66/5.5.28 unknown vulnerability
15892| [7421] Oracle MySQL Server up to 5.1.66/5.1.28 Replication unknown vulnerability
15893| [7419] Oracle MySQL Server up to 5.5.28 Stored Procedure denial of service
15894| [7418] Oracle MySQL Server up to 5.1.66/5.5.28 Server Optimizer unknown vulnerability
15895| [7417] Oracle MySQL Server up to 5.1.66/5.5.28 Information Schema unknown vulnerability
15896| [7416] Oracle MySQL Server up to 5.1.65/5.5.27 GIS Extension denial of service
15897| [7415] Oracle MySQL Server up to 5.1.66/5.5.28 Privileges Stack-based memory corruption
15898| [7414] Oracle MySQL Server up to 5.5.28 Parser Heap-based memory corruption
15899| [63111] Oracle MySQL 5.5.19 Installation denial of service
15900| [7068] Oracle MySQL Server up to 5.5.19 Authentication information disclosure
15901| [7067] Oracle MySQL Server up to 5.5.19 sql/sql_acl.cc acl_get memory corruption
15902| [7066] Oracle MySQL Server up to 5.5.19 SELECT Command Crash denial of service
15903| [7065] Oracle MySQL Server up to 5.5.19 Create Table MDL_key::mdl_key_init memory corruption
15904| [6795] Oracle MySQL Server up to 5.1.64/5.5.26 Server Replication denial of service
15905| [6794] Oracle MySQL Server up to 5.1.63/5.5.25 Server Full Text Search denial of service
15906| [6793] Oracle MySQL Server up to 5.5.25 unknown vulnerability
15907| [6792] Oracle MySQL Server up to 5.5.26 MySQL Client information disclosure
15908| [6791] Oracle MySQL Server up to 5.1.65/5.5.27 Server Optimizer denial of service
15909| [6790] Oracle MySQL Server up to 5.1.64/5.5.26 Server Optimizer denial of service
15910| [6789] Oracle MySQL Server up to 5.5.26 unknown vulnerability
15911| [6788] Oracle MySQL Server up to 5.1.63/5.5.25 InnoDB Plugin denial of service
15912| [6787] Oracle MySQL Server up to 5.1.63/5.5.25 InnoDB unknown vulnerability
15913| [6786] Oracle MySQL Server up to 5.5.26 MySQL Client sql injection
15914| [6785] Oracle MySQL Server up to 5.1.65/5.5.27 denial of service
15915| [6784] Oracle MySQL Server up to 5.1.64/5.5.26 Protocol unknown vulnerability
15916| [6783] Oracle MySQL Server up to 5.1.64/5.5.26 Information Schema memory corruption
15917| [62299] SilverStripe up to 2.4.5 MySQL Database sql injection
15918| [61672] MySQL unknown vulnerability
15919| [61567] MySQLDumper 1.24.4 Error Message information disclosure
15920| [61566] MySQLDumper 1.24.4 Restore information disclosure
15921| [61565] MySQLDumper 1.24.4 directory traversal
15922| [61564] MySQLDumper 1.24.4 deletehtaccess cross site request forgery
15923| [61563] MySQLDumper 1.24.4 index.php cross site scripting
15924| [5783] Oracle MySQL Server up to 5.1.62/5.5.22 Server Optimizer denial of service
15925| [5782] Oracle MySQL Server up to 5.1.62/5.5.23 Server Optimizer denial of service
15926| [5781] Oracle MySQL Server up to 5.5.23 denial of service
15927| [5780] Oracle MySQL Server up to 5.5.23 InnoDB denial of service
15928| [5779] Oracle MySQL Server up to 5.1.62/5.5.23 GIS Extension unknown vulnerability
15929| [5778] Oracle MySQL Server up to 5.5.23 Server Optimizer denial of service
15930| [5635] Oracle MySQL Server up to 5.5.25 on Linux InnoDB UPDATE denial of service
15931| [5503] Oracle MySQL up to 5.6.5 Password Authentication sql/password.c memcmp weak authentication
15932| [5168] Oracle MySQL Server Optimizer denial of service
15933| [5166] Oracle MySQL Server up to 5.5.21 Partition denial of service
15934| [5165] Oracle MySQL Server up to 5.5.19 Optimizer denial of service
15935| [5159] Oracle MySQL Server up to 5.1.61/5.5.21 Optimizer denial of service
15936| [5158] Oracle MySQL Server up to 5.1.61/5.5.21 DML denial of service
15937| [5151] Oracle MySQL Server up to 5.1.60/5.5.19 MyISAM denial of service
15938| [5981] Oracle MySQL Server 5.1.62/5.5.23 Sort Order Index Calculation denial of service
15939| [5072] Oracle MySQL Server up to 5.5.21 denial of service
15940| [4627] Oracle MySQL up to 5.5.20 memory corruption
15941| [60055] WordPress up to 1.2 MySQL Database denial of service
15942| [5236] Oracle MySQL Server 5.5.x unknown vulnerability
15943| [5235] Oracle MySQL Server 5.5.x denial of service
15944| [5233] Oracle MySQL Server 5.5.x denial of service
15945| [5232] Oracle MySQL Server 5.5.x denial of service
15946| [5231] Oracle MySQL Server 5.5.x denial of service
15947| [5230] Oracle MySQL Server 5.5.x denial of service
15948| [5229] Oracle MySQL Server 5.5.x denial of service
15949| [5228] Oracle MySQL Server 5.5.x denial of service
15950| [5227] Oracle MySQL Server 5.5.x unknown vulnerability
15951| [5226] Oracle MySQL Server 5.1.x/5.5.x denial of service
15952| [5225] Oracle MySQL Server 5.1.x/5.5.x denial of service
15953| [5224] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
15954| [5223] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
15955| [5222] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
15956| [5221] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
15957| [5220] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
15958| [5219] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
15959| [5218] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
15960| [5217] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
15961| [5216] Oracle MySQL Server 5.0.x/5.1.x/5.5.x denial of service
15962| [5215] Oracle MySQL Server 5.0.x/5.1.x/5.5.x information disclosure
15963| [5213] Oracle MySQL Server 5.0.x/5.1.x/5.5.x unknown vulnerability
15964| [5212] Oracle MySQL Server 5.0.x/5.1.x denial of service
15965| [5211] Oracle MySQL Server 5.0.x/5.1.x denial of service
15966| [5210] Oracle MySQL Server 5.0.x/5.1.x denial of service
15967| [59882] MySQL 5.5.8 NULL Pointer Dereference denial of service
15968| [59384] Hiroyuki Oyama DBD::mysqlPP up to 0.04 MySQL sql injection
15969| [58706] Taskfreak! Multi-mysql 0.6 Error Message information disclosure
15970| [57356] Trustwave WebDefend 2.0/3.0/5.0 MySQL Database unknown vulnerability
15971| [56109] PHP 5.3.2/5.3.3 mysqli mysqli_fetch_assoc sql injection
15972| [56085] MySQL up to 5.1.25 init_from_wkb denial of service
15973| [56084] MySQL up to 5.1.25 Stored Procedure denial of service
15974| [56083] MySQL Crash denial of service
15975| [56082] MySQL Use-After-Free denial of service
15976| [56081] MySQL Optimizer Crash denial of service
15977| [56080] MySQL up to 5.1.25 Stored denial of service
15978| [56079] MySQL Crash denial of service
15979| [56078] MySQL Create Table Crash denial of service
15980| [56025] MySQL up to 5.1.25 Crash denial of service
15981| [56024] MySQL up to 5.1.25 store denial of service
15982| [56023] MySQL up to 5.1.25 Crash denial of service
15983| [56022] MySQL up to 5.1.25 Crash denial of service
15984| [56021] MySQL up to 5.1.25 Uninitialized Memory denial of service
15985| [56020] MySQL up to 5.1.25 Crash denial of service
15986| [56019] MySQL up to 5.1.25 Crash denial of service
15987| [56018] mysql up to 5.1.25 Configuration Parameter denial of service
15988| [60789] TYPO3 up to 4.4.4 MySQL Database escapeStrForLike information disclosure
15989| [62294] SilverStripe 2.4.0/2.4.1/2.4.2/2.4.3 MySQLDatabase.php unknown vulnerability
15990| [54434] PHP 5.3.0/5.3.1/5.3.2 php_mysqlnd_auth_write sql injection
15991| [54433] PHP 5.3.0/5.3.1/5.3.2 MySQL php_mysqlnd_read_error_from_line memory corruption
15992| [54432] PHP 5.3.0/5.3.1/5.3.2 mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read memory corruption
15993| [54026] MySQL up to 5.1.25 Crash denial of service
15994| [53483] MySQL up to 5.0.0.0 memory corruption
15995| [53482] MySQL up to 5.0.0.0 my_net_skip_rest denial of service
15996| [53481] MySQL up to 5.0.0.0 directory traversal
15997| [53212] mysql 5.1.45 mysql_uninstall_plugin unknown vulnerability
15998| [53118] Csphere ClanSphere up to 2009.0.3 MySQL Database generate.php cs_sql_select sql injection
15999| [53053] TaskFreak TaskFreak! up to 0.1.3 tzn_mysql.php loadByKey sql injection
16000| [52985] Oracle MySQLConnector NET up to 6.0.2 SSL Certificate spoofing
16001| [51369] mysql 5.0.51a CertDecoder::GetName memory corruption
16002| [51581] TYPO3 Kiddog Mysqldumper up to 0.0.3 information disclosure
16003| [50962] MySQL Certificates viosslfactories.c vio_verify_callback spoofing
16004| [50961] mysql GeomFromWKB denial of service
16005| [50960] MySQL up to 5.0.0.0 Access Restriction Symlink privilege escalation
16006| [50531] mysql-ocaml 1.0.4 MySQL mysql_real_escape_string unknown vulnerability
16007| [48981] MySQL up to 4.0.23 sql_parse.cc dispatch_command denial of service
16008| [48263] Surat Kabar phpWebNews 0.2 MySQL index.php sql injection
16009| [48262] Surat Kabar phpWebNews 0.1/0.2 MySQL bukutamu.php sql injection
16010| [47455] auth2db up to 0.2.6 MySQL mysql_real_escape_string sql injection
16011| [46983] MySQL up to 6.0.10-bzr ExtractValue denial of service
16012| [46798] Getmiro Broadcast Machine 0.1 MySQLController.php privilege escalation
16013| [46636] MyBlog MySQL Database Cleartext information disclosure
16014| [46500] ProFTPD 1.3.1 mod_sql_mysql sql injection
16015| [46028] Joey Schulze Mod Auth Mysql 2.x mod_auth_mysql.c sql injection
16016| [45774] Constructr CMS up to 3.02.5 MySQL Database Cleartext information disclosure
16017| [45668] Nodstrum MySQL Calendar 1.1 index.php sql injection
16018| [45669] Nodstrum MySQL Calendar 1.1 unknown vulnerability
16019| [45016] Deeserver Panuwat PromoteWeb MySQL go.php sql injection
16020| [44358] MySQL up to 5.0.67 cross site scripting
16021| [44357] MySQL Quick Admin up to 1.5.5 index.php directory traversal
16022| [44356] MySQL Quick Admin 1.5.5 actions.php directory traversal
16023| [44131] NooMS 1.1 MySQL db.php information disclosure
16024| [44076] MySQL Create Table Symlink privilege escalation
16025| [44075] MySQL 5.0.51a Create Table Symlink privilege escalation
16026| [43987] MySQL Crash denial of service
16027| [43825] Aquagardensoft mysql-lists 1.2 cross site scripting
16028| [43819] Craftysyntax Crafty Syntax Live Help up to 1.7 MySQL Database Cleartext information disclosure
16029| [43625] Keld PHP-MySQL News Script 0.7.1 login.php sql injection
16030| [43123] BlognPlus 2.5.5 MySQL index.php sql injection
16031| [42939] Relative Real Estate Systems up to 3.0 MySQL Database Cleartext information disclosure
16032| [42912] AlstraSoft AskMe 2.1 MySQL Database Cleartext information disclosure
16033| [42868] BlognPlus 2.5.4 MySQL sql injection
16034| [42205] miniBB 2.2 MySQL setup_mysql.php sql injection
16035| [41891] Terong Advanced Web Photo Gallery 1.0 MySQL Database Cleartext information disclosure
16036| [40486] MySQL up to 1.7.5 handshake.cpp processoldclienthello memory corruption
16037| [40219] PHP MySQL Banner Exchange 2.2.1 inc/lib.inc unknown vulnerability
16038| [39993] MySQL denial of service
16039| [3499] Sun MySQL up to 6.0.3 System Table Information privilege escalation
16040| [40030] aurora framework 20071208 MySQL db_mysql.lib pack_var sql injection
16041| [3469] Sun MySQL 5.1.23 Bk InnoDB denial of service
16042| [39991] MySQL up to 6.0.4 denial of service
16043| [39292] Asterisk-Addons 1.2.7/1.4.3 MySQL sql injection
16044| [41090] MySQL Mysql Community Server up to 5.1.4 unknown vulnerability
16045| [38781] PHP 5.2.4 MySQL memory corruption
16046| [38618] PHP 4.4.7/5.2.3 mysqli sql injection
16047| [85747] InterWorx SiteWorx mysql.php cross site scripting
16048| [85735] InterWorx NodeWorx mysql.php cross site scripting
16049| [37818] MySQL Community Server up to 5.0.40 denial of service
16050| [39994] MySQL Federated Crash denial of service
16051| [37641] MySQLDumper htaccess privilege escalation
16052| [86077] NetClassifieds Mysql_db.php information disclosure
16053| [37816] MySQL Community Server up to 5.0.40 Crash denial of service
16054| [36814] MySQL up to 5.1.17 information disclosure
16055| [36669] MySQL 4.0.1 unknown vulnerability
16056| [36813] mysql up to 5.1.17 thd::db_access denial of service
16057| [36812] MySQL up to 5.1.17 unknown vulnerability
16058| [36502] Burnstone burnCMS 0.2 mysql.class.php privilege escalation
16059| [36364] GPL PHP Board unstable-2001.11.14-1 mysqli db.mysql.inc.php privilege escalation
16060| [36700] MySQL up to 5.0.39 item_cmpfunc.cc in_decimal::set denial of service
16061| [35917] Advanced Website Creator MySQL sql injection
16062| [35916] Eve-Nuke Forum 0.1 MySQL db/mysql.php privilege escalation
16063| [35605] bitesser MySQL Commander up to 2.7 ressourcen/dbopen.php privilege escalation
16064| [85480] Fantastico includes/mysqlconfig.php directory traversal
16065| [85141] ActiveCalendar data/mysqlevents.php cross site scripting
16066| [85212] WGS-PPC config/mysql_config.php privilege escalation
16067| [34894] MySQLNewsEngine MySQL affichearticles.php3 privilege escalation
16068| [34576] MyODBC MySQL Database denial of service
16069| [37817] MySQL Community Server up to 5.0.40 Create Table information disclosure
16070| [34117] The Address Book 1.04e MySQL Database export.php information disclosure
16071| [34223] MySQL 5.0.30/5.1.13 sql_select.cc denial of service
16072| [33690] Widcomm BTSaveMySql 1.2 MySQL information disclosure
16073| [33257] iWonder Designs Storystream 0.4.0.0 mysql.php sql injection
16074| [33092] Pentaho Business Intelligence Suite up to 1.1 MySQL sql injection
16075| [32736] MysqlDumper 1.21 B6 sql.php cross site scripting
16076|
16077| MITRE CVE - https://cve.mitre.org:
16078| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
16079| [CVE-2013-3811] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
16080| [CVE-2013-3810] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
16081| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
16082| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
16083| [CVE-2013-3807] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
16084| [CVE-2013-3806] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
16085| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
16086| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
16087| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
16088| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
16089| [CVE-2013-3798] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
16090| [CVE-2013-3796] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
16091| [CVE-2013-3795] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-3783] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
| [CVE-2013-3561] Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
| [CVE-2013-3221] The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.
| [CVE-2013-2395] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-2381] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
| [CVE-2013-1570] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
| [CVE-2013-1567] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
| [CVE-2013-1566] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-1555] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
| [CVE-2013-1552] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2013-1548] Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
| [CVE-2013-1531] Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
| [CVE-2013-1526] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
| [CVE-2013-1521] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
| [CVE-2013-1512] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
| [CVE-2013-1492] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
| [CVE-2013-0389] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-0386] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
| [CVE-2013-0385] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
| [CVE-2013-0384] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
| [CVE-2013-0383] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
| [CVE-2013-0375] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
| [CVE-2013-0371] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
| [CVE-2013-0368] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-0367] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
| [CVE-2012-5615] MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
| [CVE-2012-5614] Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
| [CVE-2012-5613] ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
| [CVE-2012-5612] Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
| [CVE-2012-5611] Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
| [CVE-2012-5383] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation.
| [CVE-2012-5096] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
| [CVE-2012-5060] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
| [CVE-2012-4452] MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
| [CVE-2012-4414] Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
| [CVE-2012-4255] MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.
| [CVE-2012-4254] MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
| [CVE-2012-4253] Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
| [CVE-2012-4252] Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.
| [CVE-2012-4251] Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
| [CVE-2012-3951] The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
| [CVE-2012-3441] The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.
| [CVE-2012-3197] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
| [CVE-2012-3180] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-3177] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-3173] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
| [CVE-2012-3167] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
| [CVE-2012-3166] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-3163] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
| [CVE-2012-3160] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
| [CVE-2012-3158] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
| [CVE-2012-3156] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-3150] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-3149] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
| [CVE-2012-3147] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
| [CVE-2012-3144] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-2750] Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
| [CVE-2012-2749] MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
| [CVE-2012-2102] MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
| [CVE-2012-1757] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-1756] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-1735] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1734] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1705] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1703] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1702] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
| [CVE-2012-1697] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
| [CVE-2012-1696] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1690] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1689] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1688] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
| [CVE-2012-0937] ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.
| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
| [CVE-2012-0583] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
| [CVE-2012-0578] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-0574] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-0572] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-0553] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
| [CVE-2012-0540] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
| [CVE-2012-0496] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
| [CVE-2012-0495] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.
| [CVE-2012-0494] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
| [CVE-2012-0493] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.
| [CVE-2012-0492] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
| [CVE-2012-0491] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0490] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-0489] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0488] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0487] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0486] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0485] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
| [CVE-2012-0484] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
| [CVE-2012-0120] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
| [CVE-2012-0119] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
| [CVE-2012-0118] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
| [CVE-2012-0117] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0116] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
| [CVE-2012-0115] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
| [CVE-2012-0114] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
| [CVE-2012-0113] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
| [CVE-2012-0112] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
| [CVE-2012-0102] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
| [CVE-2012-0101] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
| [CVE-2012-0087] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
| [CVE-2012-0075] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
| [CVE-2011-5049] MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
| [CVE-2011-4959] SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
| [CVE-2011-4899] ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue
| [CVE-2011-4898] ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue
| [CVE-2011-3989] SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
| [CVE-2011-3805] TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2531] Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.
| [CVE-2011-2262] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
| [CVE-2011-1906] Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
| [CVE-2011-1513] Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
| [CVE-2011-0432] Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
16225| [CVE-2010-5104] The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
16226| [CVE-2010-4822] core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
16227| [CVE-2010-4700] The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
16228| [CVE-2010-3840] The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
16229| [CVE-2010-3839] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
| [CVE-2010-3838] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
| [CVE-2010-3837] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
| [CVE-2010-3836] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
| [CVE-2010-3834] Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
| [CVE-2010-3833] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
| [CVE-2010-3683] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
| [CVE-2010-3682] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
| [CVE-2010-3681] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
| [CVE-2010-3680] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
| [CVE-2010-3679] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
| [CVE-2010-3678] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
| [CVE-2010-3677] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
| [CVE-2010-3676] storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
| [CVE-2010-3064] Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
| [CVE-2010-3063] The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
| [CVE-2010-3062] mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function
| [CVE-2010-3056] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
| [CVE-2010-2008] MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
| [CVE-2010-2003] Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter.
| [CVE-2010-1865] Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
| [CVE-2010-1850] Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
| [CVE-2010-1849] The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
| [CVE-2010-1848] Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
| [CVE-2010-1626] MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
| [CVE-2010-1621] The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
| [CVE-2010-1583] SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
| [CVE-2010-0336] Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
| [CVE-2010-0124] Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
| [CVE-2009-5026] The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
| [CVE-2009-4833] MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate.
| [CVE-2009-4484] Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
| [CVE-2009-4030] MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
| [CVE-2009-4028] The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
| [CVE-2009-4019] mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
| [CVE-2009-3696] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.
| [CVE-2009-3102] The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.
| [CVE-2009-2942] The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
| [CVE-2009-2446] Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
| [CVE-2009-1246] Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php
| [CVE-2009-1208] SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
| [CVE-2009-0919] XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
| [CVE-2009-0819] sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
| [CVE-2009-0617] Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.
| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
| [CVE-2008-7247] sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
| [CVE-2008-6992] GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
| [CVE-2008-6813] SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
| [CVE-2008-6812] SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.
| [CVE-2008-6655] Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php
| [CVE-2008-6287] Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/.
| [CVE-2008-6193] Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2008-5847] Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
| [CVE-2008-5738] Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
| [CVE-2008-5737] SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.
| [CVE-2008-5069] SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
| [CVE-2008-4456] Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
| [CVE-2008-4455] Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie.
| [CVE-2008-4454] Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown
| [CVE-2008-4180] Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability."
| [CVE-2008-4106] WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.
| [CVE-2008-4098] MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
| [CVE-2008-4097] MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
| [CVE-2008-3963] MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
| [CVE-2008-3846] Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2008-3840] Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2008-3820] Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
| [CVE-2008-3582] SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
| [CVE-2008-3090] Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819.
| [CVE-2008-2881] Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2008-2857] AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2008-2819] SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2079] MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
| [CVE-2008-2029] Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
| [CVE-2008-1711] Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2008-1567] phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
| [CVE-2008-1486] SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
| [CVE-2008-0249] PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
16310| [CVE-2008-0227] yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
16311| [CVE-2008-0226] Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
16312| [CVE-2007-6512] PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
16313| [CVE-2007-6418] The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
16314| [CVE-2007-6345] SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
16315| [CVE-2007-6313] MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
| [CVE-2007-6304] The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
| [CVE-2007-6303] MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
| [CVE-2007-6081] AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs.
| [CVE-2007-5970] MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
| [CVE-2007-5969] MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
| [CVE-2007-5925] The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
| [CVE-2007-5646] SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
| [CVE-2007-5626] make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
| [CVE-2007-5488] Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.
| [CVE-2007-4889] The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
| [CVE-2007-3997] The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
| [CVE-2007-3782] MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
| [CVE-2007-3781] MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
| [CVE-2007-3780] MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
| [CVE-2007-3567] MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.
| [CVE-2007-2857] PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter.
| [CVE-2007-2766] lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.
| [CVE-2007-2693] MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
| [CVE-2007-2692] The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
| [CVE-2007-2691] MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
| [CVE-2007-2583] The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
| [CVE-2007-2554] Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript.
| [CVE-2007-2429] ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown
| [CVE-2007-2364] Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/
| [CVE-2007-2204] Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php.
| [CVE-2007-2016] Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
| [CVE-2007-1779] Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.
| [CVE-2007-1778] PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
| [CVE-2007-1548] SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp.
| [CVE-2007-1455] Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
| [CVE-2007-1439] PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.
| [CVE-2007-1420] MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
| [CVE-2007-1167] inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
| [CVE-2007-1111] Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
| [CVE-2007-0926] The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.
| [CVE-2007-0890] Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
| [CVE-2007-0828] PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.
| [CVE-2007-0167] Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/
| [CVE-2007-0124] Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
| [CVE-2006-7232] sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
| [CVE-2006-7194] PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter.
| [CVE-2006-6948] MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
| [CVE-2006-6457] tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
| [CVE-2006-6378] BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.
| [CVE-2006-6254] administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. NOTE: it is not clear whether the scope of this issue extends above the web document root, and whether directory traversal is the primary vulnerability.
| [CVE-2006-5893] Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/.
| [CVE-2006-5702] Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
| [CVE-2006-5675] Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts.
| [CVE-2006-5381] Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory.
| [CVE-2006-5264] Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter.
| [CVE-2006-5127] Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
| [CVE-2006-5079] PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter.
| [CVE-2006-5065] PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter.
| [CVE-2006-5029] SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
| [CVE-2006-5027] Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc
| [CVE-2006-5014] Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4835] Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
| [CVE-2006-4578] export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information.
| [CVE-2006-4380] MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
| [CVE-2006-4277] Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown
| [CVE-2006-4276] PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.
| [CVE-2006-4227] MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
| [CVE-2006-4226] MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
| [CVE-2006-4031] MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
| [CVE-2006-3965] Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.
| [CVE-2006-3964] PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.
| [CVE-2006-3963] Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
| [CVE-2006-3878] Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.
| [CVE-2006-3486] ** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability.
| [CVE-2006-3469] Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
| [CVE-2006-3330] Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.
| [CVE-2006-3329] SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.
| [CVE-2006-3081] mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
| [CVE-2006-2753] SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
| [CVE-2006-2750] Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message.
| [CVE-2006-2748] SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.
| [CVE-2006-2742] SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.
| [CVE-2006-2543] Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php.
| [CVE-2006-2329] AngelineCMS 0.6.5 and earlier allow remote attackers to obtain sensitive information via a direct request for (1) adodb-access.inc.php, (2) adodb-ado.inc.php, (3) adodb-ado_access.inc, (4) adodb-ado_mssql.inc.php, (5) adodb-borland_ibase, (6) adodb-csv.inc.php, (7) adodb-db2.inc.php, (8) adodb-fbsql.inc.php, (9) adodb-firebird.inc.php, (10) adodb-ibase.inc.php, (11) adodb-informix.inc.php, (12) adodb-informix72.inc, (13) adodb-mssql.inc.php, (14) adodb-mssqlpo.inc.php, (15) adodb-mysql.inc.php, (16) adodb-mysqlt.inc.php, (17) adodb-oci8.inc.php, (18) adodb-oci805.inc.php, (19) adodb-oci8po.inc.php, and (20) adodb-odbc.inc.php, which reveal the path in various error messages
| [CVE-2006-2042] Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
| [CVE-2006-1930] ** DISPUTED ** Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on 20060525 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations.
| [CVE-2006-1518] Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
| [CVE-2006-1517] sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
| [CVE-2006-1516] The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
| [CVE-2006-1451] MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.
| [CVE-2006-1396] Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Based Message Board allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown
| [CVE-2006-1395] SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the username parameter. NOTE: the provenance of this information is unknown
| [CVE-2006-1324] Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.
| [CVE-2006-1211] IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
| [CVE-2006-1210] The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
| [CVE-2006-1112] Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message.
| [CVE-2006-1111] Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection.
| [CVE-2006-0909] Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory
| [CVE-2006-0903] MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
| [CVE-2006-0692] Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php.
| [CVE-2006-0369] ** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views
| [CVE-2006-0200] Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
| [CVE-2006-0146] The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
| [CVE-2006-0097] Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.
| [CVE-2006-0056] Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.
| [CVE-2005-4713] Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.
| [CVE-2005-4661] The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.
| [CVE-2005-4626] The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request.
| [CVE-2005-4237] Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module.
| [CVE-2005-2865] Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php.
| [CVE-2005-2573] The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
| [CVE-2005-2572] MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.
| [CVE-2005-2571] FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.
| [CVE-2005-2558] Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
| [CVE-2005-2468] Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
| [CVE-2005-2467] Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
| [CVE-2005-2174] Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
| [CVE-2005-1944] xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp.
| [CVE-2005-1636] mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
| [CVE-2005-1274] Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
| [CVE-2005-1121] Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.
| [CVE-2005-0799] MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.
| [CVE-2005-0711] MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0710] MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
| [CVE-2005-0709] MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
| [CVE-2005-0684] Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
16437| [CVE-2005-0684] Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
16438| [CVE-2005-0646] SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.
16439| [CVE-2005-0544] phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
16440| [CVE-2005-0111] Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.
16441| [CVE-2005-0083] MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference.
16442| [CVE-2005-0082] The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash.
16443| [CVE-2005-0081] MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers.
16444| [CVE-2005-0004] The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
16445| [CVE-2004-2632] phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
16446| [CVE-2004-2398] Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
16447| [CVE-2004-2357] The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.
16448| [CVE-2004-2354] SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
16449| [CVE-2004-2149] Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders.
16450| [CVE-2004-2138] Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field.
16451| [CVE-2004-1228] The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
16452| [CVE-2004-0957] Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
16453| [CVE-2004-0956] MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
16454| [CVE-2004-0931] MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.
16455| [CVE-2004-0837] MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
16456| [CVE-2004-0836] Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).
16457| [CVE-2004-0835] MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
16458| [CVE-2004-0628] Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
16459| [CVE-2004-0627] The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
16460| [CVE-2004-0457] The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
16461| [CVE-2004-0388] The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.
16462| [CVE-2004-0381] mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
16463| [CVE-2003-1480] MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
16464| [CVE-2003-1421] Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors.
16465| [CVE-2003-1383] WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
16466| [CVE-2003-1331] Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
16467| [CVE-2003-0780] Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
16468| [CVE-2003-0515] SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.
16469| [CVE-2003-0150] MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
16470| [CVE-2003-0073] Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
16471| [CVE-2002-2043] SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
16472| [CVE-2002-1952] phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable.
16473| [CVE-2002-1923] The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
16474| [CVE-2002-1921] The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
16475| [CVE-2002-1809] The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
16476| [CVE-2002-1479] Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.
16477| [CVE-2002-1376] libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
16478| [CVE-2002-1375] The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
16479| [CVE-2002-1374] The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
16480| [CVE-2002-1373] Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
16481| [CVE-2002-0969] Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
16482| [CVE-2002-0229] Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
16483| [CVE-2001-1454] Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
16484| [CVE-2001-1453] Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.
16485| [CVE-2001-1275] MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
16486| [CVE-2001-1274] Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
16487| [CVE-2001-1255] WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database.
16488| [CVE-2001-1226] AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
16489| [CVE-2001-1044] Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
16490| [CVE-2001-0990] Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
16491| [CVE-2001-0645] Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.
16492| [CVE-2001-0407] Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
16493| [CVE-2000-0981] MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
16494| [CVE-2000-0957] The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.
16495| [CVE-2000-0707] PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.
16496| [CVE-2000-0148] MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
16497| [CVE-2000-0045] MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
16498| [CVE-1999-1188] mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.
16499|
16500| SecurityFocus - https://www.securityfocus.com/bid/:
16501| [104370] MySQL Multi-Master Replication Manager Multiple Remote Command Injection Vulnerabilities
16502| [103954] Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
16503| [103876] Oracle MySQL Server CVE-2018-2769 Remote Security Vulnerability
16504| [103845] Oracle MySQL Server CVE-2018-2839 Remote Security Vulnerability
16505| [103838] Oracle MySQL Cluster CVE-2018-2877 Local Security Vulnerability
16506| [103836] Oracle MySQL Server CVE-2018-2812 Remote Security Vulnerability
16507| [103831] Oracle MySQL Server CVE-2018-2805 Remote Security Vulnerability
16508| [103830] Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
16509| [103828] Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
16510| [103825] Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
16511| [103824] Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
16512| [103820] Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
16513| [103818] Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
16514| [103814] Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
16515| [103811] Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
16516| [103807] Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
16517| [103805] Oracle MySQL Server CVE-2018-2766 Remote Security Vulnerability
16518| [103804] Oracle MySQL Server CVE-2018-2787 Remote Security Vulnerability
16519| [103802] Oracle MySQL Server CVE-2018-2758 Remote Security Vulnerability
16520| [103801] Oracle MySQL Server CVE-2018-2784 Remote Security Vulnerability
16521| [103799] Oracle MySQL Server CVE-2018-2782 Remote Security Vulnerability
16522| [103794] Oracle MySQL Server CVE-2018-2762 Remote Security Vulnerability
16523| [103791] Oracle MySQL Server CVE-2018-2776 Remote Security Vulnerability
16524| [103790] Oracle MySQL Server CVE-2018-2846 Remote Security Vulnerability
16525| [103789] Oracle MySQL Server CVE-2018-2816 Remote Security Vulnerability
16526| [103787] Oracle MySQL Server CVE-2018-2779 Remote Security Vulnerability
16527| [103785] Oracle MySQL Server CVE-2018-2778 Remote Security Vulnerability
16528| [103783] Oracle MySQL Server CVE-2018-2810 Remote Security Vulnerability
16529| [103781] Oracle MySQL Server CVE-2018-2777 Remote Security Vulnerability
16530| [103780] Oracle MySQL Server CVE-2018-2759 Remote Security Vulnerability
16531| [103779] Oracle MySQL Server CVE-2018-2786 Remote Security Vulnerability
16532| [103778] Oracle MySQL Server CVE-2018-2780 Remote Security Vulnerability
16533| [103777] Oracle MySQL Server CVE-2018-2775 Remote Security Vulnerability
16534| [102714] Oracle MySQL Server CVE-2018-2591 Remote Security Vulnerability
16535| [102713] Oracle MySQL Server CVE-2018-2562 Remote Security Vulnerability
16536| [102712] Oracle MySQL Server CVE-2018-2565 Remote Security Vulnerability
16537| [102711] Oracle MySQL Server CVE-2018-2647 Remote Security Vulnerability
16538| [102710] Oracle MySQL Server CVE-2018-2573 Remote Security Vulnerability
16539| [102709] Oracle MySQL Server CVE-2018-2612 Remote Security Vulnerability
16540| [102708] Oracle MySQL Server CVE-2018-2583 Remote Security Vulnerability
16541| [102706] Oracle MySQL Server CVE-2018-2622 Remote Security Vulnerability
16542| [102704] Oracle MySQL Server CVE-2018-2703 Remote Security Vulnerability
16543| [102703] Oracle MySQL Server CVE-2018-2646 Remote Security Vulnerability
16544| [102701] Oracle MySQL Server CVE-2018-2696 Remote Security Vulnerability
16545| [102700] Oracle MySQL Server CVE-2018-2586 Remote Security Vulnerability
16546| [102698] Oracle MySQL Server CVE-2018-2645 Remote Security Vulnerability
16547| [102697] Oracle MySQL Server CVE-2018-2590 Remote Security Vulnerability
16548| [102696] Oracle MySQL Server CVE-2018-2600 Remote Security Vulnerability
16549| [102695] Oracle MySQL Server CVE-2018-2576 Remote Security Vulnerability
16550| [102685] Oracle MySQL Server CVE-2018-2667 Remote Security Vulnerability
16551| [102682] Oracle MySQL Server CVE-2018-2668 Remote Security Vulnerability
16552| [102681] Oracle MySQL Server CVE-2018-2665 Remote Security Vulnerability
16553| [102678] Oracle MySQL Server CVE-2018-2640 Remote Security Vulnerability
16554| [102674] Oracle MySQL Connectors CVE-2018-2585 Remote Security Vulnerability
16555| [101448] Oracle MySQL Server CVE-2017-10313 Remote Security Vulnerability
16556| [101446] Oracle MySQL Server CVE-2017-10311 Remote Security Vulnerability
16557| [101444] Oracle MySQL Server CVE-2017-10294 Remote Security Vulnerability
16558| [101441] Oracle MySQL Server CVE-2017-10276 Remote Security Vulnerability
16559| [101439] Oracle MySQL Connectors CVE-2017-10277 Remote Security Vulnerability
16560| [101433] Oracle MySQL Server CVE-2017-10167 Remote Security Vulnerability
16561| [101429] Oracle MySQL Server CVE-2017-10365 Remote Security Vulnerability
16562| [101424] Oracle MySQL Server CVE-2017-10165 Remote Security Vulnerability
16563| [101420] Oracle MySQL Server CVE-2017-10283 Remote Security Vulnerability
16564| [101415] Oracle MySQL Server CVE-2017-10379 Remote Security Vulnerability
16565| [101410] Oracle MySQL Server CVE-2017-10320 Remote Security Vulnerability
16566| [101406] Oracle MySQL Server CVE-2017-10384 Remote Security Vulnerability
16567| [101402] Oracle MySQL Server CVE-2017-10155 Remote Security Vulnerability
16568| [101397] Oracle MySQL Server CVE-2017-10286 Remote Security Vulnerability
16569| [101390] Oracle MySQL Server CVE-2017-10268 Local Security Vulnerability
16570| [101385] Oracle MySQL Server CVE-2017-10284 Remote Security Vulnerability
16571| [101381] Oracle MySQL Enterprise Monitor CVE-2017-10424 Remote Security Vulnerability
16572| [101375] Oracle MySQL Server CVE-2017-10378 Remote Security Vulnerability
16573| [101373] Oracle MySQL Server CVE-2017-10296 Remote Security Vulnerability
16574| [101337] Oracle MySQL Server CVE-2017-10227 Remote Security Vulnerability
16575| [101324] Oracle MySQL Connectors CVE-2017-10203 Remote Security Vulnerability
16576| [101316] Oracle MySQL Server CVE-2017-10279 Remote Security Vulnerability
16577| [101314] Oracle MySQL Server CVE-2017-10314 Remote Security Vulnerability
16578| [99810] Oracle MySQL Server CVE-2017-3653 Remote Security Vulnerability
16579| [99808] Oracle MySQL Server CVE-2017-3650 Remote Security Vulnerability
16580| [99805] Oracle MySQL Server CVE-2017-3652 Remote Security Vulnerability
16581| [99802] Oracle MySQL Server CVE-2017-3651 Remote Security Vulnerability
16582| [99799] Oracle MySQL Server CVE-2017-3649 Remote Security Vulnerability
16583| [99796] Oracle MySQL Server CVE-2017-3647 Remote Security Vulnerability
16584| [99789] Oracle MySQL Server CVE-2017-3648 Remote Security Vulnerability
16585| [99786] Oracle MySQL Server CVE-2017-3646 Remote Security Vulnerability
16586| [99783] Oracle MySQL Server CVE-2017-3645 Remote Security Vulnerability
16587| [99779] Oracle MySQL Server CVE-2017-3642 Remote Security Vulnerability
16588| [99778] Oracle MySQL Server CVE-2017-3638 Remote Security Vulnerability
16589| [99775] Oracle MySQL Server CVE-2017-3644 Remote Security Vulnerability
16590| [99772] Oracle MySQL Server CVE-2017-3643 Remote Security Vulnerability
16591| [99767] Oracle MySQL Server CVE-2017-3641 Remote Security Vulnerability
16592| [99765] Oracle MySQL Server CVE-2017-3640 Remote Security Vulnerability
16593| [99753] Oracle MySQL Server CVE-2017-3639 Remote Security Vulnerability
16594| [99748] Oracle MySQL Server CVE-2017-3637 Remote Security Vulnerability
16595| [99746] Oracle MySQL Server CVE-2017-3529 Remote Security Vulnerability
16596| [99736] Oracle MySQL Server CVE-2017-3636 Local Security Vulnerability
16597| [99730] Oracle MySQL Connectors/MySQL Server CVE-2017-3635 Remote Security Vulnerability
16598| [99729] Oracle MySQL Server CVE-2017-3634 Remote Security Vulnerability
16599| [99722] Oracle MySQL Server CVE-2017-3633 Remote Security Vulnerability
16600| [99374] Perl DBD::mysql Module CVE-2017-10788 Use After Free Denial of Service Vulnerability
16601| [99364] Perl DBD::mysql Module CVE-2017-10789 Man in the Middle Security Bypass Vulnerability
16602| [97982] Oracle MySQL Connectors CVE-2017-3523 Remote Security Vulnerability
16603| [97960] MySQL-GUI-tools CVE-2010-4178 Local Information Disclosure Vulnerability
16604| [97959] MySQL-GUI-tools CVE-2010-4177 Local Information Disclosure Vulnerability
16605| [97851] Oracle MySQL Server CVE-2017-3462 Remote Security Vulnerability
16606| [97849] Oracle MySQL Server CVE-2017-3463 Remote Security Vulnerability
16607| [97848] Oracle MySQL Server CVE-2017-3468 Remote Security Vulnerability
16608| [97847] Oracle MySQL Server CVE-2017-3459 Remote Security Vulnerability
16609| [97845] Oracle MySQL Server CVE-2017-3457 Remote Security Vulnerability
16610| [97844] Oracle MySQL Enterprise Monitor CVE-2017-3307 Remote Security Vulnerability
16611| [97840] Oracle MySQL Connectors CVE-2017-3590 Local Security Vulnerability
16612| [97837] Oracle MySQL Server CVE-2017-3458 Remote Security Vulnerability
16613| [97836] Oracle MySQL Connectors CVE-2017-3589 Local Security Vulnerability
16614| [97833] Oracle MySQL Workbench CVE-2017-3469 Remote Security Vulnerability
16615| [97831] Oracle MySQL Server CVE-2017-3456 Remote Security Vulnerability
16616| [97826] Oracle MySQL Server CVE-2017-3460 Remote Security Vulnerability
16617| [97825] Oracle MySQL Server CVE-2017-3467 Remote Security Vulnerability
16618| [97822] Oracle MySQL Server CVE-2017-3465 Remote Security Vulnerability
16619| [97820] Oracle MySQL Server CVE-2017-3455 Remote Security Vulnerability
16620| [97818] Oracle MySQL Server CVE-2017-3464 Remote Security Vulnerability
16621| [97815] Oracle MySQL Cluster CVE-2017-3304 Remote Security Vulnerability
16622| [97812] Oracle MySQL Server CVE-2017-3461 Remote Security Vulnerability
16623| [97791] Oracle MySQL Server CVE-2017-3454 Remote Security Vulnerability
16624| [97784] Oracle MySQL Connectors CVE-2017-3586 Remote Security Vulnerability
16625| [97779] Oracle MySQL Server CVE-2017-3452 Remote Security Vulnerability
16626| [97776] Oracle MySQL Server CVE-2017-3453 Remote Security Vulnerability
16627| [97772] Oracle MySQL Server CVE-2017-3331 Remote Security Vulnerability
16628| [97765] Oracle MySQL Server CVE-2017-3600 Remote Security Vulnerability
16629| [97763] Oracle MySQL Server CVE-2017-3329 Remote Security Vulnerability
16630| [97754] Oracle MySQL Server CVE-2017-3599 Remote Security Vulnerability
16631| [97747] Oracle MySQL Server CVE-2017-3450 Remote Security Vulnerability
16632| [97742] Oracle MySQL Server CVE-2017-3309 Remote Security Vulnerability
16633| [97725] Oracle MySQL Server CVE-2017-3308 Remote Security Vulnerability
16634| [97724] Oracle MySQL Enterprise Monitor CVE-2017-3306 Remote Security Vulnerability
16635| [97023] MySQL CVE-2017-3305 Man in the Middle Security Bypass Vulnerability
16636| [96300] PHP 'ext/mysqli/mysqli.c' Denial of Service Vulnerability
16637| [96162] MariaDB and MySQL CVE-2017-3302 Denial of Service Vulnerability
16638| [95592] Oracle MySQL Cluster CVE-2016-5541 Remote Security Vulnerability
16639| [95589] Oracle MySQL Server CVE-2017-3257 Remote Security Vulnerability
16640| [95588] Oracle MySQL Server CVE-2017-3318 Local Security Vulnerability
16641| [95585] Oracle MySQL Server CVE-2017-3317 Local Security Vulnerability
16642| [95583] Oracle MySQL Server CVE-2017-3273 Remote Security Vulnerability
16643| [95580] Oracle MySQL Server CVE-2016-8318 Remote Security Vulnerability
16644| [95575] Oracle MySQL Cluster CVE-2017-3323 Remote Security Vulnerability
16645| [95574] Oracle MySQL Cluster CVE-2017-3322 Remote Security Vulnerability
16646| [95571] Oracle MySQL Server CVE-2017-3238 Remote Security Vulnerability
16647| [95565] Oracle MySQL Server CVE-2017-3244 Remote Security Vulnerability
16648| [95562] Oracle MySQL Cluster CVE-2017-3321 Remote Security Vulnerability
16649| [95560] Oracle MySQL Server CVE-2017-3258 Remote Security Vulnerability
16650| [95542] Oracle MySQL Enterprise Monitor CVE-2016-5590 Remote Security Vulnerability
16651| [95538] Oracle MySQL Server CVE-2017-3243 Remote Security Vulnerability
16652| [95527] Oracle MySQL Server CVE-2017-3313 Local Security Vulnerability
16653| [95520] Oracle MySQL Server CVE-2017-3265 Local Security Vulnerability
16654| [95501] Oracle MySQL Server CVE-2017-3291 Local Security Vulnerability
16655| [95491] Oracle MySQL Server CVE-2017-3312 Local Security Vulnerability
16656| [95486] Oracle MySQL Server CVE-2017-3256 Remote Security Vulnerability
16657| [95482] Oracle MySQL Server CVE-2017-3251 Remote Security Vulnerability
16658| [95479] Oracle MySQL Server CVE-2017-3319 Remote Security Vulnerability
16659| [95470] Oracle MySQL Server CVE-2017-3320 Remote Security Vulnerability
16660| [95146] Pivotal MySQL for PCF CVE-2016-0898 Information Disclosure Vulnerability
16661| [94350] DBD::mysql CVE-2016-1249 Out-Of-Bounds Read Information Disclosure Vulnerability
16662| [93755] Oracle MySQL CVE-2016-8284 Local Security Vulnerability
16663| [93745] Oracle MySQL CVE-2016-8286 Remote Security Vulnerability
16664| [93740] Oracle MySQL CVE-2016-8288 Remote Security Vulnerability
16665| [93737] Oracle MySQL CVE-2016-8283 Remote Security Vulnerability
17128| [32157] MySQL Quick Admin 'actions.php' Local File Include Vulnerability
17129| [32000] Agora 'MysqlfinderAdmin.php' Remote File Include Vulnerability
17130| [31517] MySQL Quick Admin 'index.php' Local File Include Vulnerability
17131| [31486] MySQL Command Line Client HTML Special Characters HTML Injection Vulnerability
17132| [31425] PromoteWeb MySQL 'go.php' SQL Injection Vulnerability
17133| [31081] MySQL Empty Binary String Literal Remote Denial Of Service Vulnerability
17134| [30835] mysql-lists Unspecified Cross Site Scripting Vulnerability
17135| [30529] Keld PHP-MySQL News Script 'login.php' SQL Injection Vulnerability
17136| [30383] phpwebnews-mysql Multiple SQL Injection Vulnerabilities
17137| [29106] MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
17138| [29048] GEDCOM_to_MySQL2 Multiple Cross-Site Scripting Vulnerabilities
17139| [28351] MySQL INFORMATION_SCHEMA Remote Denial Of Service Vulnerability
17140| [27938] DSPAM Debian 'libdspam7-drv-mysql' Cron Job MySQL Calls Local Information Disclosure Vulnerability
17141| [27202] PHP Webquest MySQL Credentials Information Disclosure Vulnerability
17142| [27032] PHP MySQL Open Source Help Desk 'form.php' Code Injection Vulnerability
17143| [26947] MySQL Server Unspecified Remote Arbitrary Command Execution Vulnerability
17144| [26832] MySQL Server Privilege Escalation And Denial Of Service Vulnerabilities
17145| [26829] aurora framework Db_mysql.LIB SQL Injection Vulnerability
17146| [26765] MySQL Server RENAME TABLE System Table Overwrite Vulnerability
17147| [26353] MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
17148| [26304] AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
17149| [26156] Bacula MySQL Password Information Disclosure Vulnerability
17150| [26095] Asterisk 'asterisk-addons' CDR_ADDON_MYSQL Module SQL Injection Vulnerability
17151| [25017] MySQL Access Validation and Denial of Service Vulnerabilities
17152| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
17153| [24016] MySQL Rename Table Function Access Validation Vulnerability
17154| [24011] MySQL Security Invoker Privilege Escalation Vulnerability
17155| [24008] MySQL Alter Table Function Information Disclosure Vulnerability
17156| [23911] MySQL IF Query Handling Remote Denial Of Service Vulnerability
17157| [23176] Eve-Nuke Forums MySQL.PHP Remote File Include Vulnerability
17158| [22941] MySQL Commander Remote File Include Vulnerability
17159| [22900] MySQL Single Row SubSelect Remote Denial Of Service Vulnerability
17160| [22474] CPanel PassWDMySQL Cross-Site Scripting Vulnerability
17161| [22431] MySQLNewsEngine Affichearticles.PHP3 Remote File Include Vulnerability
17162| [20460] MySQLDumper SQL.PHP Cross-Site Scripting Vulnerability
17163| [20222] PABugs Class.MySQL.PHP Remote File Include Vulnerability
17164| [20165] ZoomStats MySQL.PHP Remote File Include Vulnerability
17165| [19794] MySQL Multiupdate and Subselects Denial Of Service Vulnerability
17166| [19559] MySQL Privilege Elevation and Security Bypass Vulnerabilities
17167| [19279] MySQL MERGE Privilege Revoke Bypass Vulnerability
17168| [19240] Banex PHP MySQL Banner Exchange Multiple Remote Vulnerabilities
17169| [19032] MySQL Server Date_Format Denial Of Service Vulnerability
17170| [18717] PHP/MySQL Classifieds AddAsset1.PHP Multiple HTML Injection Vulnerabilities
17171| [18439] MySQL Server Str_To_Date Remote Denial Of Service Vulnerability
17172| [18219] MySQL Mysql_real_escape Function SQL Injection Vulnerability
17173| [17780] MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
17174| [17224] Cholod MySQL Based Message Board Mb.CGI SQL Injection Vulnerability
17175| [17223] Cholod MySQL Based Message Board Multiple HTML Injection Vulnerabilities
17176| [17147] Woltlab Burning Board Class_DB_MySQL.PHP Cross-Site Scripting Vulnerability
17177| [16850] MySQL Query Logging Bypass Vulnerability
17178| [16620] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities
17179| [16564] PAM-MySQL Code Execution And Denial Of Service Vulnerabilities
17180| [16219] PHP MySQLI Error Logging Remote Format String Vulnerability
| [16145] PHP MySQL_Connect Remote Buffer Overflow Vulnerability
| [15852] MySQL Auction Search Module Cross-Site Scripting Vulnerability
| [14509] MySQL User-Defined Function Buffer Overflow Vulnerability
| [14437] MySQL Eventum Multiple SQL Injection Vulnerabilities
| [14436] MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
| [13913] xMySQLadmin Insecure Temporary File Creation Vulnerability
| [13660] MySQL mysql_install_db Insecure Temporary File Creation Vulnerability
| [13378] MySQL MaxDB WebDAV IF Parameter Remote Buffer Overflow Vulnerability
| [13369] MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow Vulnerability
| [13368] MySQL MaxDB HTTP GET Request Remote Buffer Overflow Vulnerability
| [12805] MySQL MaxDB WebAgent Input Validation Multiple Remote Denial Of Service Vulnerabilities
| [12781] MySQL AB MySQL Multiple Remote Vulnerabilities
| [12313] MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities
| [12277] MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability
| [12265] MySQL MaxDB WebAgent WebSQL Password Parameter Remote Buffer Overflow Vulnerability
| [12133] MySQL Eventum Multiple Input Validation Vulnerabilities
| [11844] MySQL MaxDB WebDav Handler Overwrite Header Remote Buffer Overflow Vulnerability
| [11843] MySQL MaxDB WAHTTP Server Remote Denial Of Service Vulnerability
| [11435] MySQL Database Unauthorized GRANT Privilege Vulnerability
| [11432] MySQL Remote FULLTEXT Search Denial Of Service Vulnerability
| [11357] MySQL Multiple Local Vulnerabilities
| [11346] MySQL MaxDB WebDBM Server Name Denial of Service Vulnerability
| [11291] MySQL Unspecified Insecure Temporary File Creation Vulnerability
| [11261] MySQL Bounded Parameter Statement Execution Remote Buffer Overflow Vulnerability
| [11234] AllWebScripts MySQLGuest HTML Injection Vulnerability
| [10986] Ben Yacoub Hatem MySQL Backup Pro Undisclosed 'getbackup()' Vulnerability
| [10981] MySQL Mysql_real_connect Function Potential Remote Buffer Overflow Vulnerability
| [10969] MySQL Mysqlhotcopy Script Insecure Temporary File Creation Vulnerability
| [10655] MySQL Password Length Remote Buffer Overflow Vulnerability
| [10654] MySQL Authentication Bypass Vulnerability
| [10142] MySQL MYSQLD_Multi Insecure Temporary File Creation Vulnerability
| [9976] MySQL Aborted Bug Report Insecure Temporary File Creation Vulnerability
| [8796] MySQL Multiple Vulnerabilities
| [8590] MySQL Password Handler Buffer Overflow Vulnerability
| [8245] MySQL AB ODBC Driver Plain Text Password Vulnerability
| [7887] MySQL libmysqlclient Library mysql_real_connect() Buffer Overrun Vulnerability
| [7500] MySQL Weak Password Encryption Vulnerability
| [7052] MySQL mysqld Privilege Escalation Vulnerability
| [7041] MySQL Control Center Insecure Default File Permission Vulnerability
| [6718] MySQL Double Free Heap Corruption Vulnerability
| [6375] MySQL COM_CHANGE_USER Password Memory Corruption Vulnerability
| [6374] MySQL libmysqlclient Library Read_One_Row Buffer Overflow Vulnerability
| [6373] MySQL COM_CHANGE_USER Password Length Account Compromise Vulnerability
| [6370] MySQL libmysqlclient Library Read_Rows Buffer Overflow Vulnerability
| [6368] MySQL COM_TABLE_DUMP Memory Corruption Vulnerability
| [5948] PHPRank MySQL Error Unauthorized Access Vulnerability
| [5853] MySQL DataDir Parameter Local Buffer Overflow Vulnerability
| [5513] MySQL Logging Not Enabled Weak Default Configuration Vulnerability
| [5511] MySQL Bind Address Not Enabled Weak Default Configuration Vulnerability
| [5503] MySQL Null Root Password Weak Default Configuration Vulnerability
| [4409] Cyrus SASL LDAP+MySQL Authentication Patch SQL Command Execution Vulnerability
| [4026] PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability
| [3907] Conectiva Linux MySQL World Readable Log File Vulnerability
| [3381] WinMySQLadmin Plain Text Password Storage Vulnerability
| [3284] Inter7 vpopmail MySQL Authentication Data Recovery Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [2522] MySQL Root Operation Symbolic Link File Overwriting Vulnerability
| [2380] MySQL SHOW GRANTS Pasword Hash Disclosure Vulnerability
| [2262] Mysql Local Buffer Overflow Vulnerability
| [1850] pam_mysql Authentication Input Validation Vulnerability
| [1826] MySQL Authentication Algorithm Vulnerability
| [1557] PCCS Mysql Database Admin Tool Username/Password Exposure Vulnerability
| [975] MySQL Unauthenticated Remote Access Vulnerability
| [926] MySQL GRANT Global Password Changing Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [85724] Oracle MySQL Server XA Transactions denial of service
| [85723] Oracle MySQL Server Server Replication denial of service
| [85722] Oracle MySQL Server InnoDB denial of service
| [85721] Oracle MySQL Server Server Privileges unspecified
| [85720] Oracle MySQL Server Server Partition denial of service
| [85719] Oracle MySQL Server Server Parser denial of service
| [85718] Oracle MySQL Server Server Options denial of service
| [85717] Oracle MySQL Server Server Options denial of service
| [85716] Oracle MySQL Server Server Optimizer denial of service
| [85715] Oracle MySQL Server Server Optimizer denial of service
| [85714] Oracle MySQL Server Prepared Statements denial of service
| [85713] Oracle MySQL Server InnoDB denial of service
| [85712] Oracle MySQL Server Full Text Search denial of service
| [85711] Oracle MySQL Server Data Manipulation Language denial of service
| [85710] Oracle MySQL Server Data Manipulation Language denial of service
| [85709] Oracle MySQL Server Audit Log unspecified
| [85708] Oracle MySQL Server MemCached unspecified
| [84846] Debian mysql-server package information disclosure
| [84375] Wireshark MySQL dissector denial of service
| [83554] Oracle MySQL Server Server Partition denial of service
| [83553] Oracle MySQL Server Server Locking denial of service
| [83552] Oracle MySQL Server Server Install unspecified
| [83551] Oracle MySQL Server Server Types denial of service
| [83550] Oracle MySQL Server Server Privileges unspecified
| [83549] Oracle MySQL Server InnoDB denial of service
| [83548] Oracle MySQL Server InnoDB denial of service
| [83547] Oracle MySQL Server Data Manipulation Language denial of service
| [83546] Oracle MySQL Server Stored Procedure denial of service
| [83545] Oracle MySQL Server Server Replication denial of service
| [83544] Oracle MySQL Server Server Partition denial of service
| [83543] Oracle MySQL Server Server Optimizer denial of service
| [83542] Oracle MySQL Server InnoDB denial of service
| [83541] Oracle MySQL Server Information Schema denial of service
| [83540] Oracle MySQL Server Data Manipulation Language denial of service
| [83539] Oracle MySQL Server Data Manipulation Language denial of service
| [83538] Oracle MySQL Server Server Optimizer unspecified
| [83537] Oracle MySQL Server MemCached denial of service
| [83536] Oracle MySQL Server Server Privileges unspecified
| [83535] Oracle MySQL Server Server Privileges unspecified
| [83534] Oracle MySQL Server Server unspecified
| [83533] Oracle MySQL Server Information Schema unspecified
| [83532] Oracle MySQL Server Server Locking unspecified
| [83531] Oracle MySQL Server Data Manipulation Language denial of service
| [83388] MySQL administrative login attempt detected
| [82963] Mambo MySQL database information disclosure
| [82946] Oracle MySQL buffer overflow
| [82945] Oracle MySQL buffer overflow
| [82895] Oracle MySQL and MariaDB geometry queries denial of service
| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
| [81325] Oracle MySQL Server Server Privileges denial of service
| [81324] Oracle MySQL Server Server Partition denial of service
| [81323] Oracle MySQL Server Server Optimizer denial of service
| [81322] Oracle MySQL Server Server Optimizer denial of service
| [81321] Oracle MySQL Server Server denial of service
| [81320] Oracle MySQL Server MyISAM denial of service
| [81319] Oracle MySQL Server InnoDB denial of service
| [81318] Oracle MySQL Server InnoDB denial of service
| [81317] Oracle MySQL Server Server Locking denial of service
| [81316] Oracle MySQL Server Server denial of service
| [81315] Oracle MySQL Server Server Replication unspecified
| [81314] Oracle MySQL Server Server Replication unspecified
| [81313] Oracle MySQL Server Stored Procedure denial of service
| [81312] Oracle MySQL Server Server Optimizer denial of service
| [81311] Oracle MySQL Server Information Schema denial of service
| [81310] Oracle MySQL Server GIS Extension denial of service
| [80790] Oracle MySQL yaSSL buffer overflow
| [80553] Oracle MySQL and MariaDB salt security bypass
| [80443] Oracle MySQL Server unspecified code execution
| [80442] Oracle MySQL Server acl_get() buffer overflow
| [80440] Oracle MySQL Server table buffer overflow
| [80435] Oracle MySQL Server database privilege escalation
| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
| [80433] Oracle MySQL Server Stuxnet privilege escalation
| [80432] Oracle MySQL Server authentication information disclosure
| [79394] Oracle MySQL Server Server Installation information disclosure
| [79393] Oracle MySQL Server Server Replication denial of service
| [79392] Oracle MySQL Server Server Full Text Search denial of service
| [79391] Oracle MySQL Server Server denial of service
| [79390] Oracle MySQL Server Client information disclosure
| [79389] Oracle MySQL Server Server Optimizer denial of service
| [79388] Oracle MySQL Server Server Optimizer denial of service
| [79387] Oracle MySQL Server Server denial of service
| [79386] Oracle MySQL Server InnoDB Plugin denial of service
| [79385] Oracle MySQL Server InnoDB denial of service
| [79384] Oracle MySQL Server Client unspecified
| [79383] Oracle MySQL Server Server denial of service
| [79382] Oracle MySQL Server Protocol unspecified
| [79381] Oracle MySQL Server Information Schema unspecified
| [78954] SilverStripe MySQLDatabase.php information disclosure
| [78948] MySQL MyISAM table symlink
| [77865] MySQL unknown vuln
| [77864] MySQL sort order denial of service
| [77768] MySQLDumper refresh_dblist.php information disclosure
| [77177] MySQL Squid Access Report unspecified cross-site scripting
| [77065] Oracle MySQL Server Optimizer denial of service
| [77064] Oracle MySQL Server Optimizer denial of service
| [77063] Oracle MySQL Server denial of service
| [77062] Oracle MySQL InnoDB denial of service
| [77061] Oracle MySQL GIS Extension denial of service
| [77060] Oracle MySQL Server Optimizer denial of service
| [76189] MySQL unspecified error
| [76188] MySQL attempts security bypass
| [75287] MySQLDumper restore.php information disclosure
| [75286] MySQLDumper filemanagement.php directory traversal
| [75285] MySQLDumper main.php cross-site request forgery
| [75284] MySQLDumper install.php cross-site scripting
| [75283] MySQLDumper install.php file include
| [75282] MySQLDumper menu.php code execution
| [75022] Oracle MySQL Server Server Optimizer denial of service
| [75021] Oracle MySQL Server Server Optimizer denial of service
| [75020] Oracle MySQL Server Server DML denial of service
| [75019] Oracle MySQL Server Partition denial of service
| [75018] Oracle MySQL Server MyISAM denial of service
| [75017] Oracle MySQL Server Server Optimizer denial of service
| [74672] Oracle MySQL Server multiple unspecified
| [73092] MySQL unspecified code execution
| [72540] Oracle MySQL Server denial of service
| [72539] Oracle MySQL Server unspecified
| [72538] Oracle MySQL Server denial of service
| [72537] Oracle MySQL Server denial of service
| [72536] Oracle MySQL Server unspecified
| [72535] Oracle MySQL Server denial of service
| [72534] Oracle MySQL Server denial of service
| [72533] Oracle MySQL Server denial of service
| [72532] Oracle MySQL Server denial of service
| [72531] Oracle MySQL Server denial of service
| [72530] Oracle MySQL Server denial of service
| [72529] Oracle MySQL Server denial of service
| [72528] Oracle MySQL Server denial of service
| [72527] Oracle MySQL Server denial of service
| [72526] Oracle MySQL Server denial of service
| [72525] Oracle MySQL Server information disclosure
| [72524] Oracle MySQL Server denial of service
| [72523] Oracle MySQL Server denial of service
| [72522] Oracle MySQL Server denial of service
| [72521] Oracle MySQL Server denial of service
| [72520] Oracle MySQL Server denial of service
| [72519] Oracle MySQL Server denial of service
| [72518] Oracle MySQL Server unspecified
| [72517] Oracle MySQL Server unspecified
| [72516] Oracle MySQL Server unspecified
| [72515] Oracle MySQL Server denial of service
| [72514] Oracle MySQL Server unspecified
| [71965] MySQL port denial of service
| [70680] DBD::mysqlPP unspecified SQL injection
| [70370] TaskFreak! multi-mysql unspecified path disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68294] MySQLDriverCS statement.cs sql injection
| [68175] Prosody MySQL denial of service
| [67539] Zend Framework MySQL PDO security bypass
| [67254] DirectAdmin MySQL information disclosure
| [66567] Xoops mysql.sql information disclosure
| [65871] PyWebDAV MySQLAuthHandler class SQL injection
| [65543] MySQL Select Arbitrary data into a File
| [65529] MySQL Eventum full_name field cross-site scripting
| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
| [65379] Oracle MySQL Eventum list.php cross-site scripting
| [65266] Accellion File Transfer Appliance MySQL default password
| [64878] MySQL Geometry denial of service
| [64877] MySQL EXPLAIN EXTENDED denial of service
| [64876] MySQL prepared statement denial of service
| [64845] MySQL extreme-value denial of service
| [64844] MySQL Gis_line_string::init_from_wkb denial of service
| [64843] MySQL user-variable denial of service
| [64842] MySQL view preparation denial of service
| [64841] MySQL prepared statement denial of service
| [64840] MySQL LONGBLOB denial of service
| [64839] MySQL invocations denial of service
| [64838] MySQL Gis_line_string::init_from_wkb denial of service
| [64689] MySQL dict0crea.c denial of service
| [64688] MySQL SET column denial of service
| [64687] MySQL BINLOG command denial of service
| [64686] MySQL InnoDB denial of service
| [64685] MySQL HANDLER interface denial of service
| [64684] MySQL Item_singlerow_subselect::store denial of service
| [64683] MySQL OK packet denial of service
| [63518] MySQL Query Browser GUI Tools information disclosure
| [63517] MySQL Administrator GUI Tools information disclosure
| [62272] MySQL PolyFromWKB() denial of service
| [62269] MySQL LIKE predicates denial of service
| [62268] MySQL joins denial of service
| [62267] MySQL GREATEST() or LEAST() denial of service
| [62266] MySQL GROUP_CONCAT() denial of service
| [62265] MySQL expression values denial of service
| [62264] MySQL temporary table denial of service
| [62263] MySQL LEAST() or GREATEST() denial of service
| [62262] MySQL replication privilege escalation
| [61739] MySQL WITH ROLLUP denial of service
| [61343] MySQL LOAD DATA INFILE denial of service
| [61342] MySQL EXPLAIN denial of service
| [61341] MySQL HANDLER denial of service
| [61340] MySQL BINLOG denial of service
| [61339] MySQL IN() or CASE denial of service
| [61338] MySQL SET denial of service
| [61337] MySQL DDL denial of service
| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
| [61316] PHP php_mysqlnd_auth_write buffer overflow
| [61274] MySQL TEMPORARY InnoDB denial of service
| [59905] MySQL ALTER DATABASE denial of service
| [59841] CMySQLite updateUser.php cross-site request forgery
| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
| [59075] PHP php_mysqlnd_auth_write() buffer overflow
| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
| [59072] PHP php_mysqlnd_ok_read() information disclosure
| [58842] MySQL DROP TABLE file deletion
| [58676] Template Shares MySQL information disclosure
| [58531] MySQL COM_FIELD_LIST buffer overflow
| [58530] MySQL packet denial of service
| [58529] MySQL COM_FIELD_LIST security bypass
| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
| [57925] MySQL UNINSTALL PLUGIN security bypass
| [57006] Quicksilver Forums mysqldump information disclosure
| [56800] Employee Timeclock Software mysqldump information disclosure
| [56200] Flex MySQL Connector ActionScript SQL injection
| [55877] MySQL yaSSL buffer overflow
| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
| [55416] MySQL unspecified buffer overflow
| [55382] Ublog UblogMySQL.sql information disclosure
| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
| [54597] MySQL sql_table.cc security bypass
| [54596] MySQL mysqld denial of service
| [54365] MySQL OpenSSL security bypass
| [54364] MySQL MyISAM table symlink
| [53950] The mysql-ocaml mysql_real_escape_string weak security
| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
| [52660] iScouter PHP Web Portal MySQL Password Retrieval
| [52220] aa33code mysql.inc information disclosure
| [52122] MySQL Connector/J unicode SQL injection
| [51614] MySQL dispatch_command() denial of service
| [51406] MySQL Connector/NET SSL spoofing
| [49202] MySQL UDF command execution
| [49050] MySQL XPath denial of service
| [48919] Cisco Application Networking Manager MySQL default account password
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [47544] MySQL Calendar index.php SQL injection
| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
| [45649] MySQL MyISAM symlink security bypass
| [45648] MySQL MyISAM symlinks security bypass
| [45607] MySQL Quick Admin actions.php file include
| [45606] MySQL Quick Admin index.php file include
| [45590] MySQL command-line client cross-site scripting
| [45436] PromoteWeb MySQL go.php SQL injection
| [45042] MySQL empty bit-string literal denial of service
| [44662] mysql-lists unspecified cross-site scripting
| [42267] MySQL MyISAM security bypass
| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
| [40920] MySQL sql_select.cc denial of service
| [40734] MySQL Server BINLOG privilege escalation
| [40350] MySQL password information disclosure
| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
| [39402] PHP LOCAL INFILE and MySQL extension security bypass
| [38999] aurora framework db_mysql.lib SQL injection
| [38990] MySQL federated engine denial of service
| [38989] MySQL DEFINER value privilege escalation
| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
| [38964] MySQL RENAME TABLE symlink
| [38733] ManageEngine EventLog Analyzer MySQL default password
| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
| [38189] MySQL default root password
| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
| [36555] PHP MySQL extension multiple functions security bypass
| [35960] MySQL view privilege escalation
| [35959] MySQL CREATE TABLE LIKE information disclosure
| [35958] MySQL connection protocol denial of service
| [35291] MySQLDumper main.php security bypass
| [34811] MySQL udf_init and mysql_create_function command execution
| [34809] MySQL mysql_update privilege escalation
| [34349] MySQL ALTER information disclosure
| [34348] MySQL mysql_change_db privilege escalation
| [34347] MySQL RENAME TABLE weak security
| [34232] MySQL IF clause denial of service
| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
| [33285] Eve-Nuke mysql.php file include
| [32957] MySQL Commander dbopen.php file include
| [32933] cPanel load_language.php and mysqlconfig.php file include
| [32911] MySQL filesort function denial of service
| [32462] cPanel passwdmysql cross-site scripting
| [32288] RHSA-2006:0544 updates for mysql not installed
| [32266] MySQLNewsEngine affichearticles.php3 file include
| [31244] The Address Book MySQL export.php password information disclosure
| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
| [30760] BTSaveMySql URL file disclosure
| [30191] StoryStream mysql.php and mysqli.php file include
| [30085] MySQL MS-DOS device name denial of service
| [30031] Agora MysqlfinderAdmin.php file include
| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
| [29179] paBugs class.mysql.php file include
| [29120] ZoomStats MySQL file include
| [28448] MySQL case sensitive database name privilege escalation
| [28442] MySQL GRANT EXECUTE privilege escalation
| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
| [28202] MySQL multiupdate subselect query denial of service
| [28180] MySQL MERGE table security bypass
| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
| [27995] Opsware Network Automation System MySQL plaintext password
| [27904] MySQL date_format() format string
| [27635] MySQL Instance Manager denial of service
| [27212] MySQL SELECT str_to_date denial of service
| [26875] MySQL ASCII escaping SQL injection
| [26420] Apple Mac OS X MySQL Manager blank password
| [26236] MySQL login packet information disclosure
| [26232] MySQL COM_TABLE_DUMP buffer overflow
| [26228] MySQL sql_parce.cc information disclosure
| [26042] MySQL running
| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
| [24966] MySQL mysql_real_query logging bypass
| [24653] PAM-MySQL logging function denial of service
| [24652] PAM-MySQL authentication double free code execution
| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
| [24095] PHP ext/mysqli exception handling format string
| [23990] PHP mysql_connect() buffer overflow
| [23596] MySQL Auction search module could allow cross-site scripting
| [22642] RHSA-2005:334 updates for mysql not installed
| [21757] MySQL UDF library functions command execution
| [21756] MySQL LoadLibraryEx function denial of service
| [21738] MySQL UDF mysql_create_function function directory traversal
| [21737] MySQL user defined function buffer overflow
| [21640] MySQL Eventum multiple class SQL injection
| [21638] MySQL Eventum multiple scripts cross-site scripting
| [20984] xmysqladmin temporary file symlink
| [20656] MySQL mysql_install_db script symlink
| [20333] Plans MySQL password information disclosure
| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
| [19658] MySQL udf_init function gain access
| [19576] auraCMS mysql_fetch_row function path disclosure
| [18922] MySQL mysqlaccess script symlink attack
| [18824] MySQL UDF root privileges
| [18464] mysql_auth unspecified vulnerability
| [18449] Sugar Sales plaintext MySQL password
| [17783] MySQL underscore allows elevated privileges
| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
| [17667] MySQL UNION change denial of service
| [17666] MySQL ALTER TABLE RENAME bypass restriction
| [17493] MySQL libmysqlclient bulk inserts buffer overflow
| [17462] MySQLGuest AWSguest.php script cross-site scripting
| [17047] MySQL mysql_real_connect buffer overflow
| [17030] MySQL mysqlhotcopy insecure temporary file
| [16612] MySQL my_rnd buffer overflow
| [16604] MySQL check_scramble_323 function allows unauthorized access
| [15883] MySQL mysqld_multi script symlink attack
| [15617] MySQL mysqlbug script symlink attack
| [15417] Confixx db_mysql_loeschen2.php SQL injection
| [15280] Proofpoint Protection Server MySQL allows unauthorized access
| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
| [13153] MySQL long password buffer overflow
| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
| [12540] Teapop PostSQL and MySQL modules SQL injection
| [12337] MySQL mysql_real_connect function buffer overflow
| [11510] MySQL datadir/my.cnf modification could allow root privileges
| [11493] mysqlcc configuration and connection files are world writable
| [11340] SuckBot mod_mysql_logger denial of service
| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
| [10850] MySQL libmysql client read_one_row buffer overflow
| [10849] MySQL libmysql client read_rows buffer overflow
| [10848] MySQL COM_CHANGE_USER password buffer overflow
| [10847] MySQL COM_CHANGE_USER command password authentication bypass
| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
| [10483] Bugzilla stores passwords in plain text in the MySQL database
| [10455] gBook MySQL could allow administrative access
| [10243] MySQL my.ini "
| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
| [9909] MySQL logging disabled by default on Windows
| [9908] MySQL binding to the loopback adapter is disabled
| [9902] MySQL default root password could allow unauthorized access
| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
| [7206] WinMySQLadmin stores MySQL password in plain text
17620| [6617] MySQL "
17621| [6419] MySQL drop database command buffer overflow
17622| [6418] MySQL libmysqlclient.so buffer overflow
17623| [5969] MySQL select buffer overflow
17624| [5447] pam_mysql authentication input
17625| [5409] MySQL authentication algorithm obtain password hash
17626| [5057] PCCS MySQL Database Admin Tool could reveal username and password
17627| [4228] MySQL unauthenticated remote access
17628| [3849] MySQL default test account could allow any user to connect to the database
17629| [1568] MySQL creates readable log files
|
| Exploit-DB - https://www.exploit-db.com:
| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
| [30677] Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module SQL Injection Vulnerability
| [30020] MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability
| [29724] MySQL 5.0.x Single Row SubSelect Remote Denial of Service Vulnerability
| [29653] Active Calendar 1.2 data/mysqlevents.php css Parameter XSS
| [29572] CPanel <= 11 PassWDMySQL Cross-Site Scripting Vulnerability
| [29569] MySQLNewsEngine Affichearticles.PHP3 Remote File Include Vulnerability
| [28783] MySQLDumper 1.21 SQL.PHP Cross-Site Scripting Vulnerability
| [28398] MySQL 4/5 SUID Routine Miscalculation Arbitrary DML Statement Execution
| [28308] Banex PHP MySQL Banner Exchange 2.21 members.php cfg_root Parameter Remote File Inclusion
| [28307] Banex PHP MySQL Banner Exchange 2.21 admin.php Multiple Parameter SQL Injection
| [28306] Banex PHP MySQL Banner Exchange 2.21 signup.php site_name Parameter SQL Injection
| [28234] MySQL 4.x/5.x Server Date_Format Denial of Service Vulnerability
| [28026] MySQL Server 4/5 Str_To_Date Remote Denial of Service Vulnerability
| [27464] Cholod MySQL Based Message Board Mb.CGI SQL Injection Vulnerability
| [27444] Woltlab Burning Board 2.3.4 Class_DB_MySQL.PHP Cross-Site Scripting Vulnerability
| [27326] MySQL 5.0.18 Query Logging Bypass Vulnerability
| [26058] MySQL AB Eventum 1.x get_jsrs_data.php F Parameter XSS
| [26057] MySQL AB Eventum 1.x list.php release Parameter XSS
| [26056] MySQL AB Eventum 1.x view.php id Parameter XSS
| [25211] MySQL 4.x CREATE TEMPORARY TABLE Symlink Privilege Escalation
| [25210] MySQL 4.x CREATE FUNCTION mysql.func Table Arbitrary Library Injection
| [25209] MySQL 4.x CREATE FUNCTION Arbitrary libc Code Execution
| [24805] MySQL MaxDB 7.5 WAHTTP Server Remote Denial of Service Vulnerability
| [24669] MySQL 3.x/4.x ALTER TABLE/RENAME Forces Old Permission Checks
| [24250] MySQL 4.1/5.0 Authentication Bypass Vulnerability
| [23179] Oracle MySQL for Microsoft Windows MOF Execution
| [23138] MySQL 3.23.x/4.0.x Password Handler Buffer Overflow Vulnerability
| [23083] MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day
| [23081] MySQL Remote Preauth User Enumeration Zeroday
| [23078] MySQL Denial of Service Zeroday PoC
| [23077] MySQL (Linux) Database Privilege Elevation Zeroday Exploit
| [23076] MySQL (Linux) Heap Based Overrun PoC Zeroday
| [23075] MySQL (Linux) Stack Based Buffer Overrun PoC Zeroday
| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
| [22946] MySQL AB ODBC Driver 3.51 Plain Text Password Vulnerability
| [22565] MySQL 3.x/4.0.x Weak Password Encryption Vulnerability
| [22340] MySQL 3.23.x mysqld Privilege Escalation Vulnerability
| [22085] MySQL 3.23.x/4.0.x COM_CHANGE_USER Password Memory Corruption Vulnerability
| [22084] MySQL 3.23.x/4.0.x COM_CHANGE_USER Password Length Account Compromise Vulnerability
| [21726] MySQL 3.20.32/3.22.x/3.23.x Null Root Password Weak Default Configuration Vulnerability (2)
| [21725] MySQL 3.20.32/3.22.x/3.23.x Null Root Password Weak Default Configuration Vulnerability (1)
| [21266] PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (3)
| [21265] PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (2)
| [21264] PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (1)
| [20718] MySQL 3.20.32 a/3.23.34 Root Operation Symbolic Link File Overwriting Vulnerability
| [20581] Mysql 3.22.x/3.23.x Local Buffer Overflow Vulnerability
| [20355] Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
| [20055] MySQL Squid Access Report 2.1.4 HTML Injection
| [20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
| [19721] MySQL 3.22.27/3.22.29/3.23.8 GRANT Global Password Changing Vulnerability
| [19092] MySQL Remote Root Authentication Bypass
| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
| [16957] Oracle MySQL for Microsoft Windows Payload Execution
| [16850] MySQL yaSSL CertDecoder::GetName Buffer Overflow
| [16849] MySQL yaSSL SSL Hello Message Buffer Overflow
| [16701] MySQL yaSSL SSL Hello Message Buffer Overflow
| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
| [14654] CMSQLite <= 1.2 & CMySQLite <= 1.3.1 - Remote Code Execution Exploit
| [14537] Oracle MySQL 'ALTER DATABASE' Remote Denial of Service Vulnerability
| [14096] CMSQlite & CMySQLite CSRF Vulnerability
| [10876] PHP-MySQL-Quiz SQL Injection Vulnerability
| [10450] Linkster PHP/MySQL SQL Injection Vulnerability
| [10260] Robert Zimmerman PHP / MYSQL Scripts Admin Bypass
| [9953] MySQL <= 6.0 yaSSL <= 1.7.5 Hello Message Buffer Overflow
| [9085] MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
| [8037] ProFTPd with mod_mysql Authentication Bypass Vulnerability
| [7856] MySQL 4/5/6 UDF for Command Execution
| [7020] MySQL Quick Admin 1.5.5 - Local File Inclusion Vulnerability
| [6641] MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability
| [6577] PromoteWeb MySQL (go.php id) Remote SQL Injection Vulnerability
| [6136] phpWebNews 0.2 MySQL Edition (SQL) Insecure Cookie Handling Vuln
| [5999] phpWebNews 0.2 MySQL Edition (det) SQL Injection Vulnerability
| [5998] phpWebNews 0.2 MySQL Edition (id_kat) SQL Injection Vulnerability
| [5913] MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Vulnerabilities
| [4615] MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
| [4392] PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
| [3685] MyBlog: PHP and MySQL Blog/CMS software RFI Vulnerability
| [3591] PHP-Nuke Module Eve-Nuke 0.1 (mysql.php) RFI Vulnerability
| [3468] MySQL Commander <= 2.7 (home) Remote File Inclusion Vulnerability
| [3450] NukeSentinel <= 2.5.06 (MySQL => 4.0.24) - Remote SQL Injection Exploit
| [3344] PHP-Nuke <= 8.0 Final (INSERT) Blind SQL Injection Exploit (mysql)
| [3274] MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win)
| [2969] Php/Mysql Site Builder 0.0.2 (htm2php.php) File Disclosure Vulnerability
| [2726] Agora 1.4 RC1 (MysqlfinderAdmin.php) Remote File Include Vulnerability
| [2554] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
| [2466] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit
| [2437] paBugs <= 2.0 Beta 3 (class.mysql.php) Remote File Include Exploit
| [2420] ZoomStats <= 1.0.2 (mysql.php) Remote File Include Vulnerability
| [1742] MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit
| [1741] MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit
| [1518] MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit
| [1406] PHP <= 4.4.0 (mysql_connect function) Local Buffer Overflow Exploit
| [1181] MySQL 4.0.17 UDF Dynamic Library Exploit
| [1134] MySQL Eventum <= 1.5.5 (login.php) SQL Injection Exploit
| [960] MySQL MaxDB Webtool <= 7.5.00.23 Remote Stack Overflow Exploit
| [311] MySQL 4.1/5.0 zero-length password Auth. Bypass Exploit
| [98] MySQL 3.23.x/4.0.x Remote Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902675] MySQLDumper Multiple Vulnerabilities
| [881549] CentOS Update for mysql CESA-2012:1551 centos6
| [881538] CentOS Update for mysql CESA-2012:1462 centos6
| [881225] CentOS Update for mysql CESA-2012:0105 centos6
| [881185] CentOS Update for mysql CESA-2012:0127 centos5
| [881061] CentOS Update for mysql CESA-2012:0874 centos6
| [880760] CentOS Update for mysql CESA-2009:1289 centos5 i386
| [880613] CentOS Update for mysql CESA-2010:0109 centos5 i386
| [880577] CentOS Update for mysql CESA-2010:0442 centos5 i386
| [880452] CentOS Update for mysql CESA-2010:0824 centos4 i386
| [880366] CentOS Update for mysql CESA-2010:0110 centos4 i386
| [880329] CentOS Update for mysql CESA-2007:1155 centos4 x86_64
| [880324] CentOS Update for mysql CESA-2007:1155 centos4 i386
| [870870] RedHat Update for mysql RHSA-2012:1551-01
| [870861] RedHat Update for mysql RHSA-2012:1462-01
| [870778] RedHat Update for mysql RHSA-2012:0874-04
| [870736] RedHat Update for mysql RHSA-2011:0164-01
| [870647] RedHat Update for mysql RHSA-2012:0105-01
| [870547] RedHat Update for mysql RHSA-2012:0127-01
| [870357] RedHat Update for mysql RHSA-2010:0824-01
| [870356] RedHat Update for mysql RHSA-2010:0825-01
| [870272] RedHat Update for mysql RHSA-2010:0442-01
| [870218] RedHat Update for mysql RHSA-2010:0110-01
| [870216] RedHat Update for mysql RHSA-2010:0109-01
| [870195] RedHat Update for mysql RHSA-2007:1155-01
| [870069] RedHat Update for mysql RHSA-2008:0364-01
| [870033] RedHat Update for mysql RHSA-2008:0768-01
| [864951] Fedora Update for mysql FEDORA-2012-19823
| [864945] Fedora Update for mysql FEDORA-2012-19833
| [864504] Fedora Update for mysql FEDORA-2012-9324
| [864474] Fedora Update for mysql FEDORA-2012-9308
| [863910] Fedora Update for mysql FEDORA-2012-0972
| [863725] Fedora Update for mysql FEDORA-2012-0987
| [862844] Fedora Update for mod_auth_mysql FEDORA-2011-0100
| [862840] Fedora Update for mod_auth_mysql FEDORA-2011-0114
| [862676] Fedora Update for mysql FEDORA-2010-15147
| [862444] Fedora Update for mysql FEDORA-2010-15166
| [862300] Fedora Update for mysql FEDORA-2010-11126
| [862290] Fedora Update for mysql FEDORA-2010-11135
| [862149] Fedora Update for mysql FEDORA-2010-9053
| [862148] Fedora Update for mysql FEDORA-2010-9061
| [862136] Fedora Update for mysql FEDORA-2010-9016
| [861948] Fedora Update for mysql FEDORA-2010-7355
| [861936] Fedora Update for mysql FEDORA-2010-7414
| [861707] Fedora Update for mysql FEDORA-2010-1300
| [861651] Fedora Update for mysql FEDORA-2010-1348
| [861544] Fedora Update for php-pear-MDB2-Driver-mysql FEDORA-2007-3369
| [861392] Fedora Update for mysql FEDORA-2007-4471
| [861180] Fedora Update for php-pear-MDB2-Driver-mysqli FEDORA-2007-3369
| [861162] Fedora Update for php-pear-MDB2-Driver-mysql FEDORA-2007-3376
| [861108] Fedora Update for php-pear-MDB2-Driver-mysqli FEDORA-2007-3376
| [861033] Fedora Update for mysql FEDORA-2007-4465
| [855481] Solaris Update for mysql 120292-02
| [855333] Solaris Update for mysql 120293-02
| [850182] SuSE Update for mysql openSUSE-SU-2012:0860-1 (mysql)
| [841248] Ubuntu Update for mysql-5.5 USN-1658-1
| [841207] Ubuntu Update for mysql-5.5 USN-1621-1
| [841039] Ubuntu Update for mysql-5.5 USN-1467-1
| [840989] Ubuntu Update for mysql-5.1 USN-1427-1
| [840944] Ubuntu Update for mysql-5.1 USN-1397-1
| [840533] Ubuntu Update for MySQL vulnerabilities USN-1017-1
| [840442] Ubuntu Update for MySQL vulnerabilities USN-950-1
| [840384] Ubuntu Update for MySQL vulnerabilities USN-897-1
| [840292] Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1
| [840240] Ubuntu Update for mysql-dfsg-5.0 regression USN-588-2
| [840219] Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1
| [840106] Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1
| [840042] Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1
| [840012] Ubuntu Update for mysql-dfsg-5.0 vulnerability USN-440-1
| [835096] HP-UX Update for on HP 9000 Servers Running MySQL HPSBUX00287
| [831755] Mandriva Update for mysql MDVSA-2012:178 (mysql)
| [831684] Mandriva Update for mysql MDVA-2012:049 (mysql)
| [831547] Mandriva Update for mysql MDVA-2012:022 (mysql)
| [831532] Mandriva Update for mysql MDVA-2012:005 (mysql)
| [831519] Mandriva Update for mysql MDVA-2011:099 (mysql)
| [831425] Mandriva Update for mysql MDVA-2011:025 (mysql)
| [831327] Mandriva Update for mysql MDVA-2011:005 (mysql)
| [831315] Mandriva Update for mysql MDVSA-2011:012 (mysql)
| [831295] Mandriva Update for mysql MDVA-2010:240 (mysql)
| [831244] Mandriva Update for mysql MDVSA-2010:155-1 (mysql)
| [831243] Mandriva Update for mysql MDVSA-2010:222 (mysql)
| [831237] Mandriva Update for mysql MDVSA-2010:223 (mysql)
| [831202] Mandriva Update for mysql MDVA-2010:210 (mysql)
| [831134] Mandriva Update for mysql MDVSA-2010:155 (mysql)
| [831049] Mandriva Update for mysql MDVSA-2010:107 (mysql)
| [831048] Mandriva Update for mysql MDVSA-2010:101 (mysql)
| [831034] Mandriva Update for mysql MDVA-2010:146 (mysql)
| [831033] Mandriva Update for mysql MDVSA-2010:093 (mysql)
| [830902] Mandriva Update for mysql MDVSA-2010:044 (mysql)
| [830821] Mandriva Update for mysql MDVSA-2010:011 (mysql)
| [830806] Mandriva Update for mysql MDVSA-2010:012 (mysql)
| [830772] Mandriva Update for mysql MDVSA-2008:150 (mysql)
| [830664] Mandriva Update for mysql MDVA-2008:018 (mysql)
| [830659] Mandriva Update for mysql MDVSA-2008:017 (mysql)
| [830513] Mandriva Update for mysql MDVSA-2008:028 (mysql)
| [830421] Mandriva Update for mysql MDVSA-2008:149 (mysql)
| [830297] Mandriva Update for MySQL MDKSA-2007:177 (MySQL)
| [830223] Mandriva Update for perl-DBD-mysql MDKA-2007:066 (perl-DBD-mysql)
| [830063] Mandriva Update for MySQL MDKSA-2007:139 (MySQL)
| [830032] Mandriva Update for MySQL MDKSA-2007:243 (MySQL)
| [801593] Oracle MySQL Eventum Multiple Cross Site Scripting Vulnerabilities
| [801205] MySQL Connector/Net SSL Certificate Validation Security Bypass Vulnerability
| [103051] PHP MySQLi Extension 'set_magic_quotes_runtime' Function Security-Bypass Weakness
| [100662] PHP Mysqlnd Extension Information Disclosure and Multiple Buffer Overflow Vulnerabilities
| [71475] Debian Security Advisory DSA 2496-1 (mysql-5.1)
| [71233] Debian Security Advisory DSA 2429-1 (mysql-5.1)
| [70803] Gentoo Security Advisory GLSA 201201-02 (MySQL)
| [70586] FreeBSD Ports: proftpd, proftpd-mysql
| [67541] Debian Security Advisory DSA 2057-1 (mysql-dfsg-5.0)
| [66577] Fedora Core 11 FEDORA-2009-13504 (mysql)
| [66573] Fedora Core 12 FEDORA-2009-13466 (mysql)
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66508] Fedora Core 10 FEDORA-2009-12180 (mysql)
| [66425] Mandriva Security Advisory MDVSA-2009:326 (mysql)
| [66256] Fedora Core 11 FEDORA-2009-10701 (ocaml-mysql)
| [66251] Fedora Core 10 FEDORA-2009-10582 (ocaml-mysql)
| [66056] Debian Security Advisory DSA 1910-1 (mysql-ocaml)
| [66035] Mandrake Security Advisory MDVSA-2009:279 (ocaml-mysql)
| [65937] SLES10: Security update for MySQL
| [65884] SLES10: Security update for MySQL
| [65827] SLES10: Security update for MySQL
| [65710] SLES11: Security update for MySQL
| [65610] SLES9: Security update for MySQL
| [65566] SLES9: Security update for MySQL
| [65507] SLES9: Security update for MySQL
| [65502] SLES9: Security update for mysql
| [65426] SLES9: Security update for MySQL
| [65385] SLES9: Security update for mysql
| [65341] SLES9: Security update for MySQL
| [65181] SLES9: Security update for MySQL
| [65176] SLES9: Security update for MySQL
| [64932] CentOS Security Advisory CESA-2009:1289 (mysql)
| [64820] Debian Security Advisory DSA 1877-1 (mysql-dfsg-5.0)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64522] Mandrake Security Advisory MDVSA-2009:179 (mysql)
| [64461] Mandrake Security Advisory MDVSA-2009:159 (mysql)
| [63872] Mandrake Security Advisory MDVSA-2009:094 (mysql)
| [63630] FreeBSD Ports: proftpd, proftpd-mysql
| [63171] FreeBSD Ports: mysql-server
| [63170] FreeBSD Ports: mysql-server
| [63169] FreeBSD Ports: mysql-server
| [63168] FreeBSD Ports: mysql-server
| [63095] FreeBSD Ports: mysql-server
| [61852] Debian Security Advisory DSA 1662-1 (mysql-dfsg-5.0)
| [61699] FreeBSD Ports: mysql-client
| [61656] FreeBSD Ports: proftpd, proftpd-mysql
| [61618] FreeBSD Ports: mysql-server
| [61599] Gentoo Security Advisory GLSA 200809-04 (mysql)
| [61283] Debian Security Advisory DSA 1608-1 (mysql-dfsg-5.0)
| [60804] Gentoo Security Advisory GLSA 200804-04 (mysql)
| [60271] Debian Security Advisory DSA 1478-1 (mysql-dfsg-5.0)
| [60106] Debian Security Advisory DSA 1451-1 (mysql-dfsg-5.0)
| [60017] Slackware Advisory SSA:2007-348-01 mysql
| [59638] Debian Security Advisory DSA 1413-1 (mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1)
| [59245] Gentoo Security Advisory GLSA 200711-25 (mysql)
| [58863] FreeBSD Ports: freeradius, freeradius-mysql
| [58545] Gentoo Security Advisory GLSA 200708-10 (mysql)
| [58261] Gentoo Security Advisory GLSA 200705-11 (MySQL)
| [57859] Gentoo Security Advisory GLSA 200608-09 (mysql)
| [57725] FreeBSD Ports: proftpd, proftpd-mysql
| [57576] FreeBSD Ports: proftpd, proftpd-mysql
| [57527] FreeBSD Ports: mysql-server
| [57526] FreeBSD Ports: mysql-server
| [57337] Debian Security Advisory DSA 1169-1 (mysql-dfsg-4.1)
| [57257] FreeBSD Ports: mysql-server
| [57167] Slackware Advisory SSA:2006-211-01 mysql
| [57109] Debian Security Advisory DSA 1112-1 (mysql-dfsg-4.1)
| [56964] Gentoo Security Advisory GLSA 200606-18 (pam_mysql)
| [56940] Gentoo Security Advisory GLSA 200606-13 (MySQL)
| [56924] Debian Security Advisory DSA 1092-1 (mysql-dfsg-4.1)
| [56861] Slackware Advisory SSA:2006-155-01 mysql
| [56850] FreeBSD Ports: mysql-server
| [56849] FreeBSD Ports: mysql-server
| [56833] Debian Security Advisory DSA 1079-1 (mysql-dfsg)
| [56789] Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)
| [56788] Debian Security Advisory DSA 1071-1 (mysql)
| [56730] Slackware Advisory SSA:2006-129-02 mysql
| [56728] Gentoo Security Advisory GLSA 200605-13 (MySQL)
| [56714] FreeBSD Ports: mysql-server
| [55520] Debian Security Advisory DSA 833-2 (mysql-dfsg-4.1)
| [55514] Debian Security Advisory DSA 833-1 (mysql-dfsg-4.1)
| [55493] Debian Security Advisory DSA 829-1 (mysql)
| [55492] Debian Security Advisory DSA 831-1 (mysql-dfsg)
| [55164] Debian Security Advisory DSA 783-1 (mysql-dfsg-4.1)
| [54884] Gentoo Security Advisory GLSA 200503-19 (mysql)
| [54819] Gentoo Security Advisory GLSA 200501-33 (mysql)
| [54713] Gentoo Security Advisory GLSA 200410-22 (MySQL)
| [54659] Gentoo Security Advisory GLSA 200409-02 (MySQL)
| [54580] Gentoo Security Advisory GLSA 200405-20 (MySQL)
| [54483] FreeBSD Ports: proftpd, proftpd-mysql
| [54201] FreeBSD Ports: mysql-server
| [53776] Debian Security Advisory DSA 013-1 (mysql)
| [53755] Debian Security Advisory DSA 483-1 (mysql)
| [53750] Debian Security Advisory DSA 707-1 (mysql)
| [53666] Debian Security Advisory DSA 381-1 (mysql)
| [53595] Debian Security Advisory DSA 303-1 (mysql)
| [53585] Debian Security Advisory DSA 212-1 (mysql)
| [53481] Debian Security Advisory DSA 647-1 (mysql)
| [53251] Debian Security Advisory DSA 562-1 (mysql)
| [53230] Debian Security Advisory DSA 540-1 (mysql)
| [52466] FreeBSD Ports: exim, exim-ldap2, exim-mysql, exim-postgresql
| [52459] FreeBSD Ports: mysql-client
| [52419] FreeBSD Ports: mysql-scripts
| [52406] FreeBSD Ports: mysql-server
| [52375] FreeBSD Ports: mysql-server, mysql-client
| [52274] FreeBSD Ports: mysql-server
| [52273] FreeBSD Ports: mysql-server
| [52272] FreeBSD Ports: mysql-server
| [52271] FreeBSD Ports: mysql-server
| [52270] FreeBSD Ports: mysql-server
| [52233] FreeBSD Ports: mysql-scripts
| [52158] FreeBSD Ports: mysql-server
| [16093] MySQL Eventum Multiple flaws
| [12639] MySQL Authentication bypass through a zero-length password
| [10783] PCCS-Mysql User/Password Exposure
|
| SecurityTracker - https://www.securitytracker.com:
| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
| [1016790] MySQL Replication Error Lets Local Users Deny Service
| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1014172] xMySQLadmin Lets Local Users Delete Files
| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
| [1012500] mysql_auth Memory Leak Has Unspecified Impact
| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
| [1007518] DWebPro Discloses MySQL Database Password to Local Users
| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
18039|
18040| OSVDB - http://www.osvdb.org:
| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
| [93174] MySQL Crafted Derived Table Handling DoS
| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
| [89042] ViciBox Server MySQL cron Service Default Credentials
| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
| [87480] MySQL Malformed XML Comment Handling DoS
| [87466] MySQL SSL Certificate Revocation Weakness
| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
| [84719] MySQLDumper index.php page Parameter XSS
| [84680] MySQL Squid Access Report access.log File Path XSS
| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
| [83661] Oracle MySQL Unspecified Issue (59533)
| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
| [82803] Oracle MySQL Unspecified Issue (59387)
| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
| [81614] MySQLDumper File Upload PHP Code Execution
| [81613] MySQLDumper main.php Multiple Function CSRF
| [81612] MySQLDumper restore.php filename Parameter XSS
| [81611] MySQLDumper sql.php Multiple Parameter XSS
| [81610] MySQLDumper install.php Multiple Parameter XSS
| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
| [81059] Oracle MySQL Server Multiple Unspecified Issues
| [79038] Webmin Process Listing MySQL Password Local Disclosure
| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
| [78375] Oracle MySQL Server Unspecified Local DoS
| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
| [78373] Oracle MySQL Server Unspecified Local Issue
| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
| [77040] DBD::mysqlPP Unspecified SQL Injection
| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
| [73387] Zend Framework PDO_MySql Character Set Security Bypass
| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
| [71368] Accellion File Transfer Appliance Weak MySQL root Password
| [70967] MySQL Eventum Admin User Creation CSRF
| [70966] MySQL Eventum preferences.php full_name Parameter XSS
| [70961] MySQL Eventum list.php Multiple Parameter XSS
| [70960] MySQL Eventum forgot_password.php URI XSS
| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
| [69395] MySQL Derived Table Grouping DoS
| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
| [68996] MySQL EXPLAIN EXTENDED Statement DoS
| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
| [67381] MySQL InnoDB Temporary Table Handling DoS
| [67380] MySQL BINLOG Statement Unspecified Argument DoS
| [67379] MySQL Multiple Operation NULL Argument Handling DoS
| [67378] MySQL Unique SET Column Join Statement Remote DoS
| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
| [66731] PHP Bundled MySQL Library Unspecified Issue
| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
| [65085] MySQL Enterprise Monitor Unspecified CSRF
| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
| [59907] MySQL on Windows bind-address Remote Connection Weakness
| [59906] MySQL on Windows Default Configuration Logging Weakness
| [59616] MySQL Hashed Password Weakness
| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
| [52464] MySQL charset Column Truncation Weakness
| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
| [52378] Cisco ANM MySQL root Account Default Password
| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
| [50892] MySQL Calendar index.php username Parameter SQL Injection
| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
| [48710] MySQL Command Line Client HTML Output XSS
| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
| [47789] mysql-lists Unspecified XSS
| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
| [43179] MySQL Server BINLOG Statement Rights Checking Failure
| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
| [39279] PHP mysql_error() Function XSS
| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
| [37782] MySQL Community Server External Table View Privilege Escalation
| [37781] MySQL ALTER TABLE Information Disclosure
| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
| [36251] Associated Press (AP) Newspower Default MySQL root Password
| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
| [34734] MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS
| [34038] MySQL Commander ressourcen/dbopen.php home Parameter Remote File Inclusion
| [33974] MySQL information_schema Table Subselect Single-Row DoS
| [33678] MySQLNewsEngine affichearticles.php3 newsenginedir Parameter Remote File Inclusion
| [33447] WGS-PPC (PPC Search Engine) config/mysql_config.php INC Parameter Remote File Inclusion
| [33372] deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure
| [33147] ActiveCalendar data/mysqlevents.php css Parameter XSS
| [32784] Storystream mysqli.php baseDir Parameter Remote File Inclusion
| [32783] Storystream mysql.php baseDir Parameter Remote File Inclusion
| [32421] Contenido CMS conlib/db_mysqli.inc Direct Request Path Disclosure
| [32272] JevonCMS /phplib/db_mysql.inc Direct Request Path Disclosure
| [32171] Blue Magic Board db_mysql_error.php Direct Request Path Disclosure
| [32056] BTSaveMySql Direct Request Config File Disclosure
| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
| [32024] TikiWiki tiki-wiki_rss.php ver MySQL Credential Disclosure
| [31963] Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion
| [31431] ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion
| [30172] TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure
| [29696] MySQLDumper sql.php db Parameter XSS
| [29453] ConPresso CMS db_mysql.inc.php msg Parameter XSS
| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
| [28296] MySQL Crafted multiupdate / subselects Query Local DoS
| [28288] MySQL Instance_options::complete_initialization Function Overflow
| [28030] Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion
| [28029] Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion
| [28028] Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion
| [28013] MySQL SUID Routine Miscalculation Arbitrary DML Statement Execution
| [28012] MySQL Case Sensitivity Unauthorized Database Creation
| [27919] MySQL VIEW Access information_schema.views Information Disclosure
| [27703] MySQL MERGE Table Privilege Persistence
| [27593] Drupal database.mysqli.inc Multiple Parameter SQL Injection
| [27549] Opsware NAS /etc/init.d/mysqll MySQL root Cleartext Password Local Disclosure
| [27416] MySQL Server time.cc date_format Function Format String
| [27054] MySQL mysqld str_to_date Function NULL Argument DoS
| [26923] PHP/MySQL Classifieds (PHP Classifieds) search.php rate Parameter SQL Injection
| [26922] PHP/MySQL Classifieds (PHP Classifieds) AddAsset1.php Multiple Field XSS
| [26822] Bee-hive Lite include/listall.inc.php mysqlcall Parameter Remote File Inclusion
| [26821] Bee-hive Lite conad/include/mysqlCall.inc.php config Parameter Remote File Inclusion
| [26820] Bee-hive Lite conad/logout.inc.php mysqlCall Parameter Remote File Inclusion
| [26819] Bee-hive Lite conad/login.inc.php mysqlCall Parameter Remote File Inclusion
| [26818] Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Parameter Remote File Inclusion
| [26817] Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall Parameter Remote File Inclusion
| [26816] Bee-hive Lite conad/changeEmail.inc.php mysqlCall Parameter Remote File Inclusion
| [26125] Open Searchable Image Catalogue core.php do_mysql_query Function Error Message XSS
| [26123] Open Searchable Image Catalogue core.php do_mysql_query Function SQL Injection
| [25987] MySQL Multibyte Encoding SQL Injection Filter Bypass
| [25908] Drupal database.mysql.inc Multiple Parameter SQL Injection
| [25595] Apple Mac OS X MySQL Manager Blank root Password
| [25228] MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
| [25227] MySQL COM_TABLE_DUMP Packet Overflow
| [25226] MySQL Malformed Login Packet Remote Memory Disclosure
| [24245] Cholod Mysql Based Message Board Unspecified XSS
| [24244] Cholod Mysql Based Message Board mb.cgi showmessage Action SQL Injection
| [23963] WoltLab Burning Board class_db_mysql.php SQL Error Message XSS
| [23915] Netcool/NeuSecure MySQL Database Connection Restriction Bypass
| [23611] Aztek Forum index.php msg Variable Forced MySQL Error Information Disclosure
| [23526] MySQL Query NULL Charcter Logging Bypass
| [23157] PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection
| [23156] PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection
| [22995] PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation
| [22994] PAM-MySQL SQL Logging Facility Segfault DoS
| [22485] Recruitment Software admin/site.xml MySQL Authentication Credential Disclosure
| [22479] PHP mysqli Extension Error Message Format String
| [22232] PHP Pipe Variable mysql_connect() Function Overflow
| [21685] MySQL Auction Search Module keyword XSS
| [20698] Campsite notifyendsubs Cron MySQL Password Cleartext Remote Disclosure
| [20145] Proofpoint Protection Server Embedded MySQL Server Unpassworded root Account
| [19457] aMember Pro mysql.inc.php Remote File Inclusion
| [19377] MAXdev MD-Pro /MySQL_Tools/admin.php Path Disclosure
| [18899] MySQL UDF Library Arbitrary Function Load Privilege Escalation
| [18898] MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS
| [18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
| [18896] MySQL User-Defined Function init_syms() Function Overflow
| [18895] MySQL libmysqlclient.so host Parameter Remote Overflow
| [18894] MySQL drop database Request Remote Overflow
| [18622] FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
| [18620] FunkBoard mysql_install.php Admin/Database Password Manipulation
| [18406] MySQL Eventum releases.php SQL Injection
| [18405] MySQL Eventum custom_fields_graph.php SQL Injection
| [18404] MySQL Eventum custom_fields.php SQL Injection
| [18403] MySQL Eventum login.php email Parameter SQL Injection Authentication Bypass
| [18402] MySQL Eventum get_jsrs_data.php F Parameter XSS
| [18401] MySQL Eventum list.php release Parameter XSS
18446| [18400] MySQL Eventum view.php id Parameter XSS
18447| [18173] MySQL on Windows USE Command MS-DOS Device Name DoS
18448| [17801] Bugzilla MySQL Replication Race Condition Information Disclosure
18449| [17223] xMySQLadmin Symlink Arbitrary File Deletion
18450| [16727] MySQL Nonexistent '--user' Error Incorrect Privilege Database Invocation
18451| [16689] MySQL mysql_install_db Symlink Arbitrary File Overwrite
18452| [16056] Plans Unspecified mySQL Remote Password Disclosure
18453| [15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
18454| [15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
18455| [15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
18456| [15451] paNews auth.php mysql_prefix Parameter SQL Injection
18457| [14748] MySQL MS-DOS Device Names Request DoS
18458| [14678] MySQL CREATE FUNCTION Arbitrary libc Code Execution
18459| [14677] MySQL CREATE FUNCTION mysql.func Table Arbitrary Library Injection
18460| [14676] MySQL CREATE TEMPORARY TABLE Symlink Privilege Escalation
18461| [14386] phpMyAdmin mysqli.dbi.lib.php Path Disclosure
18462| [14052] Symantec Brightmail AntiSpam Multiple Default MySQL Accounts
18463| [13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
18464| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
18465| [13013] MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
18466| [12919] MySQL MaxDB WebAgent websql Remote Overflow
18467| [12779] MySQL User Defined Function Privilege Escalation
18468| [12609] MySQL Eventum projects.php Multiple Parameter XSS
18469| [12608] MySQL Eventum preferences.php Multiple Parameter XSS
18470| [12607] MySQL Eventum forgot_password.php email Parameter XSS
18471| [12606] MySQL Eventum index.php email Parameter XSS
18472| [12605] MySQL Eventum Default Vendor Account
18473| [12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
18474| [12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
18475| [11689] Roxen Web Server MySQL Socket Permission Weakness
18476| [10985] MySQL MATCH..AGAINST Query DoS
18477| [10959] MySQL GRANT ALL ON Privilege Escalation
18478| [10660] MySQL ALTER TABLE/RENAME Forces Old Permission Checks
18479| [10659] MySQL ALTER MERGE Tables to Change the UNION DoS
18480| [10658] MySQL mysql_real_connect() Function Remote Overflow
18481| [10532] MySQL MaxDB webdbm Server Field DoS
18482| [10491] AWS MySQLguest AWSguest.php Script Insertion
18483| [10244] MySQL libmysqlclient Prepared Statements API Overflow
18484| [10226] MySQLGuest AWSguest.php Multiple Field XSS
18485| [9912] PHP safe_mode MySQL Database Access Restriction Bypass
18486| [9911] Inter7 vpopmail MySQL Module Authentication Credential Disclosure
18487| [9910] MySQL mysql_change_user() Double-free Memory Pointer DoS
18488| [9909] MySQL datadir/my.cnf Modification Privilege Escalation
18489| [9908] MySQL my.ini Initialization File datadir Parameter Overflow
18490| [9907] MySQL SELECT Statement String Handling Overflow
18491| [9906] MySQL GRANT Privilege Arbitrary Password Modification
18492| [9509] teapop MySQL Authentication Module SQL Injection
18493| [9018] MySQL Backup Pro getbackup() Method Unspecified Issue
18494| [9015] MySQL mysqlhotcopy Insecure Temporary File Creation
18495| [8997] Cacti config.php MySQL Authentication Credential Cleartext Disclosure
18496| [8979] MySQL SHOW GRANTS Encrypted Password Disclosure
18497| [8889] MySQL COM_TABLE_DUMP Package Negative Integer DoS
18498| [8888] MySQL COM_CHANGE_USER Command Long Repsonse Overflow
18499| [8887] MySQL COM_CHANGE_USER Command One Character Password Brute Force
18500| [8886] MySQL libmysqlclient Library read_one_row Overflow
18501| [8885] MySQL libmysqlclient Library read_rows Overflow
18502| [7476] MySQL Protocol 4.1 Authentication Scramble String Overflow
18503| [7475] MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
18504| [7245] MySQL Pluggable Authentication Module (pam_mysql) Password Disclosure
18505| [7128] MySQL show database Database Name Exposure
18506| [6716] MySQL Database Engine Weak Authentication Information Disclosure
18507| [6605] MySQL mysqld Readable Log File Information Disclosure
18508| [6443] PowerPhlogger db_dump.php View Arbitrary mySQL Dump
18509| [6421] MySQL mysqld_multi Symlink Arbitrary File Overwrite
18510| [6420] MySQL mysqlbug Symlink Arbitrary File Overwrite
18511| [2537] MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
18512| [2144] WinMySQLadmin my.ini Cleartext Password Disclosure
18513| [653] PCCS-Linux MySQL Database Admin Tool Authentication Credential Disclosure
18514| [520] MySQL Database Name Traversal Arbitrary File Modification
18515| [380] MySQL Server on Windows Default Null Root Password
18516| [261] MySQL Short Check String Authentication Bypass
18517######################################################################################################################################
18518 Anonymous JTSEC #OpChili Full Recon #30