· 6 years ago · Nov 25, 2019, 07:45 PM
1#######################################################################################################################################
2======================================================================================================================================
Hostname: freeflorida.org
ISP: Unified Layer
Continent: North America
Country: United States
Country Code: US
Region: Texas
Local time: 25 Nov 2019 12:12 CST
City: Houston
Postal Code: 77092
IP Address: 192.185.138.18
Latitude: 29.828
Longitude: -95.47
11=====================================================================================================================================
12#######################################################################################################################################
13> freeflorida.org
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: freeflorida.org
19Address: 192.185.138.18
20>
21#######################################################################################################################################
22Domain Name: FREEFLORIDA.ORG
23Registry Domain ID: D8824055-LROR
24Registrar WHOIS Server: whois.enom.com
25Registrar URL: http://www.enom.com
26Updated Date: 2019-07-22T16:36:40Z
27Creation Date: 1999-08-04T14:12:55Z
28Registry Expiry Date: 2020-08-04T14:12:47Z
29Registrar Registration Expiration Date:
30Registrar: eNom, Inc.
31Registrar IANA ID: 48
32Registrar Abuse Contact Email: abuse@enom.com
33Registrar Abuse Contact Phone: +1.4252982646
34Reseller:
35Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
36Registrant Organization: Joseph Cole
37Registrant State/Province: FL
38Registrant Country: US
39Name Server: NS1.DIXIEINTERNET.NET
40Name Server: NS2.DIXIEINTERNET.NET
41DNSSEC: unsigned
42#######################################################################################################################################
43[+] Target : freeflorida.org
44
45[+] IP Address : 192.185.138.18
46
47[+] Headers :
48
49[+] Date : Mon, 25 Nov 2019 18:38:59 GMT
50[+] Server : Apache
51[+] Content-Length : 226
52[+] Keep-Alive : timeout=5, max=75
53[+] Connection : Keep-Alive
54[+] Content-Type : text/html; charset=iso-8859-1
55
56[+] SSL Certificate Information :
57
58[+] commonName : freeflorida.org
59[+] countryName : US
60[+] organizationName : Let's Encrypt
61[+] commonName : Let's Encrypt Authority X3
62[+] Version : 3
63[+] Serial Number : 045C4364810A5A1230CE2CCC40110B74EB29
64[+] Not Before : Nov 14 01:47:12 2019 GMT
65[+] Not After : Feb 12 01:47:12 2020 GMT
66[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
67[+] subject Alt Name : (('DNS', 'autodiscover.freeflorida.org'), ('DNS', 'cpanel.freeflorida.org'), ('DNS', 'freeflorida.org'), ('DNS', 'mail.freeflorida.org'), ('DNS', 'webdisk.freeflorida.org'), ('DNS', 'webmail.freeflorida.org'), ('DNS', 'www.freeflorida.org'))
68[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
69
70[+] Whois Lookup :
71
72[+] NIR : None
73[+] ASN Registry : arin
74[+] ASN : 46606
75[+] ASN CIDR : 192.185.128.0/18
76[+] ASN Country Code : US
77[+] ASN Date : 2013-07-22
78[+] ASN Description : UNIFIEDLAYER-AS-1 - Unified Layer, US
79[+] cidr : 192.185.0.0/16
80[+] name : HGBLOCK-10
81[+] handle : NET-192-185-0-0-1
82[+] range : 192.185.0.0 - 192.185.255.255
83[+] description : WEBSITEWELCOME.COM
84[+] country : US
85[+] state : MA
86[+] city : Burlington
87[+] address : 10 Corporate Drive
88[+] postal_code : 01803
89[+] emails : ['eig-abuse@endurance.com', 'eig-net-team@endurance.com']
90[+] created : 2013-07-22
91[+] updated : 2013-07-22
92
93[+] Crawling Target...
94
95[+] Looking for robots.txt........[ Found ]
96[+] Extracting robots Links.......[ 0 ]
97[+] Looking for sitemap.xml.......[ Not Found ]
98[+] Extracting CSS Links..........[ 5 ]
99[+] Extracting Javascript Links...[ 5 ]
100[+] Extracting Internal Links.....[ 28 ]
101[+] Extracting External Links.....[ 6 ]
102[+] Extracting Images.............[ 7 ]
103
104[+] Total Links Extracted : 51
105
106[+] Dumping Links in /opt/FinalRecon/dumps/freeflorida.org.dump
107[+] Completed!
108#######################################################################################################################################
109[i] Scanning Site: https://freeflorida.org
110
111
112
113B A S I C I N F O
114====================
115
116
117[+] Site Title: The Florida League of the South – We Dare to Resist
118[+] IP address: 192.185.138.18
119[+] Web Server: Apache
120[+] CMS: WordPress
121[+] Cloudflare: Not Detected
122[+] Robots File: Found
123
124-------------[ contents ]----------------
125User-agent: *
126Crawl-Delay: 20
127
128-----------[end of contents]-------------
129
130
131
132W H O I S L O O K U P
133========================
134
156>>> Last update of WHOIS database: 2019-11-25T18:38:18Z <<<
157
158For more information on Whois status codes, please visit https://icann.org/epp
159
160
161
162
163
164G E O I P L O O K U P
165=========================
166
167[i] IP Address: 192.185.138.18
168[i] Country: United States
169[i] State: Texas
170[i] City: Houston
171[i] Latitude: 29.8284
172[i] Longitude: -95.4696
173
174
175
176
177H T T P H E A D E R S
178=======================
179
180
181[i] HTTP/1.1 200 OK
182[i] Date: Mon, 25 Nov 2019 18:39:19 GMT
183[i] Server: Apache
184[i] Upgrade: h2,h2c
185[i] Connection: Upgrade, close
186[i] Last-Modified: Fri, 08 Nov 2019 16:08:33 GMT
187[i] Accept-Ranges: bytes
188[i] Content-Length: 47859
189[i] Vary: Accept-Encoding
190[i] Content-Type: text/html
191
192
193
194
195D N S L O O K U P
196===================
197
198freeflorida.org. 59 IN MX 0 freeflorida.org.
199freeflorida.org. 21599 IN SOA ns903.websitewelcome.com. msrebel54.gmail.com. 2019112201 86400 7200 3600000 86400
200freeflorida.org. 21599 IN NS ns903.websitewelcome.com.
201freeflorida.org. 21599 IN NS ns904.websitewelcome.com.
202freeflorida.org. 59 IN A 192.185.138.18
203
204
205
206
207S U B N E T C A L C U L A T I O N
208====================================
209
210Address = 192.185.138.18
211Network = 192.185.138.18 / 32
212Netmask = 255.255.255.255
213Broadcast = not needed on Point-to-Point links
214Wildcard Mask = 0.0.0.0
215Hosts Bits = 0
216Max. Hosts = 1 (2^0 - 0)
217Host Range = { 192.185.138.18 - 192.185.138.18 }
218
219
220
221N M A P P O R T S C A N
222============================
223
224Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-25 18:39 UTC
225Nmap scan report for freeflorida.org (192.185.138.18)
226Host is up (0.041s latency).
227rDNS record for 192.185.138.18: 192-185-138-18.unifiedlayer.com
228
229PORT STATE SERVICE
23021/tcp open ftp
23122/tcp filtered ssh
23223/tcp closed telnet
23380/tcp open http
234110/tcp open pop3
235143/tcp open imap
236443/tcp open https
2373389/tcp closed ms-wbt-server
238
239Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds
240
241
242
243S U B - D O M A I N F I N D E R
244==================================
245
246
247[i] Total Subdomains Found : 8
248
249[+] Subdomain: cpanel.freeflorida.org
250[-] IP: 192.185.138.18
251
252[+] Subdomain: webmail.freeflorida.org
253[-] IP: 192.185.138.18
254
255[+] Subdomain: chipin.freeflorida.org
256[-] IP: 192.185.138.18
257
258[+] Subdomain: www.chipin.freeflorida.org
259[-] IP: 192.185.138.18
260
261[+] Subdomain: autodiscover.freeflorida.org
262[-] IP: 192.185.138.18
263
264[+] Subdomain: connect.freeflorida.org
265[-] IP: 159.203.68.206
266
267[+] Subdomain: webmail.connect.freeflorida.org
268[-] IP: 159.203.68.206
269
270[+] Subdomain: www.connect.freeflorida.org
271[-] IP: 159.203.68.206
272
273#######################################################################################################################################
274[+] Starting At 2019-11-25 13:39:15.502581
275[+] Collecting Information On: https://freeflorida.org/
276[#] Status: 200
277--------------------------------------------------
278[#] Web Server Detected: Apache
279[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
280- Date: Mon, 25 Nov 2019 18:39:16 GMT
281- Server: Apache
282- Upgrade: h2,h2c
283- Connection: Upgrade, Keep-Alive
284- Last-Modified: Fri, 08 Nov 2019 16:08:33 GMT
285- Accept-Ranges: bytes
286- Vary: Accept-Encoding
287- Content-Encoding: gzip
288- Keep-Alive: timeout=5, max=75
289- Transfer-Encoding: chunked
290- Content-Type: text/html
291--------------------------------------------------
292[#] Finding Location..!
293[#] status: success
294[#] country: United States
295[#] countryCode: US
296[#] region: TX
297[#] regionName: Texas
298[#] city: Houston
299[#] zip: 77092
300[#] lat: 29.8135
301[#] lon: -95.4641
302[#] timezone: America/Chicago
303[#] isp: Unified Layer
304[#] org: WEBSITEWELCOME.COM
305[#] as: AS46606 Unified Layer
306[#] query: 192.185.138.18
307--------------------------------------------------
308[x] Didn't Detect WAF Presence on: https://freeflorida.org/
309--------------------------------------------------
310[#] Starting Reverse DNS
311[-] Failed ! Fail
312--------------------------------------------------
313[!] Scanning Open Port
314[#] 21/tcp open ftp
315[#] 26/tcp open rsftp
316[#] 53/tcp open domain
317[#] 80/tcp open http
318[#] 110/tcp open pop3
319[#] 143/tcp open imap
320[#] 443/tcp open https
321[#] 465/tcp open smtps
322[#] 587/tcp open submission
323[#] 993/tcp open imaps
324[#] 995/tcp open pop3s
325[#] 2222/tcp open EtherNetIP-1
326[#] 3306/tcp open mysql
327--------------------------------------------------
328[+] Collecting Information Disclosure!
329[#] Detecting sitemap.xml file
330[-] sitemap.xml file not Found!?
331[#] Detecting robots.txt file
332[!] robots.txt File Found: https://freeflorida.org//robots.txt
333[#] Detecting GNU Mailman
334[!] GNU Mailman App Detected: https://freeflorida.org//mailman/admin
335[!] version: 2.1.27
336--------------------------------------------------
337[+] Crawling Url Parameter On: https://freeflorida.org/
338--------------------------------------------------
339[#] Searching Html Form !
340[-] No Html Form Found!?
341--------------------------------------------------
342[!] Found 1 dom parameter
343[#] https://freeflorida.org//#content
344--------------------------------------------------
345[!] 1 Internal Dynamic Parameter Discovered
346[+] http://freeflorida.org/images/FloridaFlagWallLogo.jpg?w=180
347--------------------------------------------------
348[!] 4 External Dynamic Parameter Discovered
349[#] https://confederatetn.wordpress.com/xmlrpc.php?rsd
350[#] https://www.goodsearch.org/?charityid=826416
351[#] https://www.goodsearch.org/?charityid=826416
352[#] https://www.goodsearch.org/?charityid=826416
353--------------------------------------------------
354[!] 39 Internal links Discovered
355[+] http://freeflorida.org/images/bonnieblue.ico
356[+] https://freeflorida.org/chipin/support.html
357[+] https://connect.freeflorida.org/
358[+] http://freeflorida.org/contact.html
359[+] http://freeflorida.org/Media-1.html
360[+] https://freeflorida.org//Http://freeflorida.org
361[+] http://freeflorida.org
362[+] http://freeflorida.org/whatistheleague.html
363[+] http://freeflorida.org/corebeliefs.html
364[+] http://freeflorida.org/strategy.html
365[+] http://freeflorida.org/thefederalflag.html
366[+] http://freeflorida.org/thepledge.html
367[+] http://freeflorida.org/ffi.html
368[+] http://freeflorida.org/southern_nation.html
369[+] http://freeflorida.org/florida_republic.html
370[+] http://freeflorida.org/reform.html
371[+] http://freeflorida.org/kithandkin.html
372[+] http://freeflorida.org/league_theocracy.html
373[+] http://freeflorida.org/great_divide.html
374[+] http://freeflorida.org/islamic_invasion.html
375[+] http://freeflorida.org
376[+] https://connect.freeflorida.org/product-category/merchandise//
377[+] https://freeflorida.org/
378[+] http://freeflorida.org/
379[+] https://freeflorida.org//archives/florida-politicians-play-sneaky-with-immigration.html
380[+] https://freeflorida.org//archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
381[+] http://freeflorida.org/noliberty.html
382[+] http://freeflorida.org/noliberty.html
383[+] http://freeflorida.org/secession/
384[+] http://freeflorida.org/repeal/
385[+] http://freeflorida.org/repeal/
386[+] https://freeflorida.org/chipin/join.html
387[+] https://connect.freeflorida.org/product-category/merchandise/
388[+] http://freeflorida.org/states_rights1.html
389[+] http://freeflorida.org/contact.html
390[+] https://freeflorida.org/chipin/support.html
391[+] http://freeflorida.org/secession/
392[+] http://freeflorida.org/secession/
393[+] http://freeflorida.org/
394--------------------------------------------------
395[!] 11 External links Discovered
396[#] http://gmpg.org/xfn/11
397[#] https://confederatetn.org/feed/
398[#] https://confederatetn.org/comments/feed/
399[#] https://s1.wp.com/wp-includes/wlwmanifest.xml
400[#] https://confederatetn.org/osd.xml
401[#] https://s1.wp.com/opensearch.xml
402[#] http://coolchange.net/discussions/index.html
403[#] http://leagueofthesouth.com/
404[#] http://www.buysouthern.info/
405[#] http://thesnc.org/
406[#] http://www.coffeecamp.org/
407--------------------------------------------------
408[#] Mapping Subdomain..
409[!] Found 9 Subdomain
410- webdisk.freeflorida.org
411- cpanel.freeflorida.org
412- webmail.freeflorida.org
413- chipin.freeflorida.org
414- www.chipin.freeflorida.org
415- autodiscover.freeflorida.org
416- connect.freeflorida.org
417- webmail.connect.freeflorida.org
418- www.connect.freeflorida.org
419--------------------------------------------------
420[!] Done At 2019-11-25 13:39:25.756313
421#######################################################################################################################################
422Trying "freeflorida.org"
423;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13114
424;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
425
426;; QUESTION SECTION:
427;freeflorida.org. IN ANY
428
429;; ANSWER SECTION:
430freeflorida.org. 0 IN A 192.185.138.18
431freeflorida.org. 0 IN SOA ns903.websitewelcome.com. msrebel54.gmail.com. 2019112201 86400 7200 3600000 86400
432freeflorida.org. 0 IN MX 0 freeflorida.org.
433freeflorida.org. 0 IN NS ns904.websitewelcome.com.
434freeflorida.org. 0 IN NS ns903.websitewelcome.com.
435
436;; AUTHORITY SECTION:
437freeflorida.org. 43199 IN NS ns904.websitewelcome.com.
438freeflorida.org. 43199 IN NS ns903.websitewelcome.com.
439
440Received 203 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 197 ms
441#######################################################################################################################################
442; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace freeflorida.org any
443;; global options: +cmd
444. 80583 IN NS b.root-servers.net.
445. 80583 IN NS m.root-servers.net.
446. 80583 IN NS a.root-servers.net.
447. 80583 IN NS c.root-servers.net.
448. 80583 IN NS j.root-servers.net.
449. 80583 IN NS h.root-servers.net.
450. 80583 IN NS g.root-servers.net.
451. 80583 IN NS i.root-servers.net.
452. 80583 IN NS f.root-servers.net.
453. 80583 IN NS l.root-servers.net.
454. 80583 IN NS e.root-servers.net.
455. 80583 IN NS k.root-servers.net.
456. 80583 IN NS d.root-servers.net.
458;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 154 ms
459
460org. 172800 IN NS a0.org.afilias-nst.info.
461org. 172800 IN NS a2.org.afilias-nst.info.
462org. 172800 IN NS b0.org.afilias-nst.org.
463org. 172800 IN NS b2.org.afilias-nst.org.
464org. 172800 IN NS c0.org.afilias-nst.info.
465org. 172800 IN NS d0.org.afilias-nst.org.
469;; Received 817 bytes from 199.7.83.42#53(l.root-servers.net) in 220 ms
470
471freeflorida.org. 86400 IN NS ns2.dixieinternet.net.
472freeflorida.org. 86400 IN NS ns1.dixieinternet.net.
477;; Received 618 bytes from 199.19.57.1#53(d0.org.afilias-nst.org) in 146 ms
478
479freeflorida.org. 60 IN MX 0 freeflorida.org.
480freeflorida.org. 86400 IN SOA ns903.websitewelcome.com. msrebel54.gmail.com. 2019112201 86400 7200 3600000 86400
481freeflorida.org. 86400 IN NS ns903.websitewelcome.com.
482freeflorida.org. 86400 IN NS ns904.websitewelcome.com.
483freeflorida.org. 60 IN A 192.185.138.18
484;; Received 234 bytes from 192.185.138.160#53(ns2.dixieinternet.net) in 193 ms
485#######################################################################################################################################
486[*] Performing General Enumeration of Domain: freeflorida.org
487[-] DNSSEC is not configured for freeflorida.org
488[*] SOA ns903.websitewelcome.com 192.185.138.16
489[*] NS ns903.websitewelcome.com 192.185.138.16
490[*] Bind Version for 192.185.138.16 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
491[*] NS ns904.websitewelcome.com 192.185.138.160
492[*] Bind Version for 192.185.138.160 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
493[*] MX freeflorida.org 192.185.138.18
494[*] A freeflorida.org 192.185.138.18
495[*] Enumerating SRV Records
496[*] SRV _caldav._tcp.freeflorida.org trailblazer.websitewelcome.com 192.185.82.117 2079 0
497[*] SRV _carddav._tcp.freeflorida.org trailblazer.websitewelcome.com 192.185.82.117 2079 0
498[*] SRV _caldavs._tcp.freeflorida.org trailblazer.websitewelcome.com 192.185.82.117 2080 0
499[*] SRV _carddavs._tcp.freeflorida.org trailblazer.websitewelcome.com 192.185.82.117 2080 0
500[*] SRV _autodiscover._tcp.freeflorida.org cpanelemaildiscovery.cpanel.net 208.74.123.37 443 0
501[*] SRV _autodiscover._tcp.freeflorida.org cpanelemaildiscovery.cpanel.net 208.74.120.196 443 0
502[*] SRV _autodiscover._tcp.freeflorida.org cpanelemaildiscovery.cpanel.net 208.74.120.173 443 0
503[+] 7 Records Found
504#######################################################################################################################################
505[*] Processing domain freeflorida.org
506[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
507[+] Getting nameservers
508192.185.138.16 - ns903.websitewelcome.com
509192.185.138.160 - ns904.websitewelcome.com
510[-] Zone transfer failed
511
512[+] MX records found, added to target list
5130 freeflorida.org.
514
515[*] Scanning freeflorida.org for A records
516192.185.138.18 - freeflorida.org
517192.185.138.18 - autoconfig.freeflorida.org
518192.185.138.18 - autodiscover.freeflorida.org
519159.203.68.206 - connect.freeflorida.org
520192.185.138.18 - cpanel.freeflorida.org
521192.185.138.18 - ftp.freeflorida.org
522127.0.0.1 - localhost.freeflorida.org
523192.185.138.18 - mail.freeflorida.org
524192.185.138.18 - new.freeflorida.org
525192.185.138.18 - webdisk.freeflorida.org
526192.185.138.18 - webmail.freeflorida.org
527192.185.138.18 - whm.freeflorida.org
528192.185.138.18 - www.freeflorida.org
529#######################################################################################################################################
530
531
532 AVAILABLE PLUGINS
533 -----------------
534
535 HttpHeadersPlugin
536 FallbackScsvPlugin
537 OpenSslCipherSuitesPlugin
538 EarlyDataPlugin
539 CertificateInfoPlugin
540 HeartbleedPlugin
541 RobotPlugin
542 OpenSslCcsInjectionPlugin
543 CompressionPlugin
544 SessionRenegotiationPlugin
545 SessionResumptionPlugin
546
547
548
549 CHECKING HOST(S) AVAILABILITY
550 -----------------------------
551
552 192.185.138.18:443 => 192.185.138.18
553
554
555
556
557 SCAN RESULTS FOR 192.185.138.18:443 - 192.185.138.18
558 ----------------------------------------------------
559
560 * TLSV1_3 Cipher Suites:
561 Server rejected all cipher suites.
562
563 * ROBOT Attack:
564 OK - Not vulnerable, RSA cipher suites not supported
565
566 * Downgrade Attacks:
567 TLS_FALLBACK_SCSV: OK - Supported
568
569 * Session Renegotiation:
570 Client-initiated Renegotiation: OK - Rejected
571 Secure Renegotiation: OK - Supported
572
573 * Certificate Information:
574 Content
575 SHA1 Fingerprint: c79a17855dc8ad731c7b0dae8d54e2c0a82557bc
576 Common Name: *.websitewelcome.com
577 Issuer: COMODO RSA Domain Validation Secure Server CA
578 Serial Number: 115169958126769181296328723513757132044
579 Not Before: 2018-10-15 00:00:00
580 Not After: 2020-10-21 23:59:59
581 Signature Algorithm: sha256
582 Public Key Algorithm: RSA
583 Key Size: 2048
584 Exponent: 65537 (0x10001)
585 DNS Subject Alternative Names: ['*.websitewelcome.com', 'websitewelcome.com']
586
587 Trust
588 Hostname Validation: FAILED - Certificate does NOT match 192.185.138.18
589 Android CA Store (9.0.0_r9): OK - Certificate is trusted
590 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
591 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
592 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
593 Windows CA Store (2019-05-27): OK - Certificate is trusted
594 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
595 Received Chain: *.websitewelcome.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
596 Verified Chain: *.websitewelcome.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
597 Received Chain Contains Anchor: OK - Anchor certificate not sent
598 Received Chain Order: OK - Order is valid
599 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
600
601 Extensions
602 OCSP Must-Staple: NOT SUPPORTED - Extension not found
603 Certificate Transparency: OK - 3 SCTs included
604
605 OCSP Stapling
606 NOT SUPPORTED - Server did not send back an OCSP response
607
608 * TLS 1.2 Session Resumption Support:
609 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
610 With TLS Tickets: OK - Supported
611
612 * OpenSSL Heartbleed:
613 OK - Not vulnerable to Heartbleed
614
615 * TLSV1_1 Cipher Suites:
616Unhandled exception while running --tlsv1_1:
617timeout - timed out
618
619 * TLSV1_2 Cipher Suites:
620Unhandled exception while running --tlsv1_2:
621timeout - timed out
622
623 * OpenSSL CCS Injection:
624Unhandled exception while running --openssl_ccs:
625timeout - timed out
626
627 * SSLV2 Cipher Suites:
628 Server rejected all cipher suites.
629 Undefined - An unexpected error happened:
637
638 * Deflate Compression:
639Unhandled exception while running --compression:
640timeout - timed out
641
642 * TLSV1 Cipher Suites:
643 Server rejected all cipher suites.
644 Undefined - An unexpected error happened:
766
767 * SSLV3 Cipher Suites:
768 Server rejected all cipher suites.
769 Undefined - An unexpected error happened:
770 TLS_RSA_WITH_SEED_CBC_SHA timeout - timed out
771 TLS_RSA_WITH_RC4_128_SHA timeout - timed out
772 TLS_RSA_WITH_RC4_128_MD5 timeout - timed out
773 TLS_RSA_WITH_NULL_SHA256 timeout - timed out
774 TLS_RSA_WITH_NULL_SHA timeout - timed out
775 TLS_RSA_WITH_IDEA_CBC_SHA timeout - timed out
776 TLS_RSA_WITH_DES_CBC_SHA timeout - timed out
777 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
778 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
779 TLS_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
780 TLS_RSA_WITH_AES_256_CBC_SHA256 timeout - timed out
781 TLS_RSA_WITH_AES_256_CBC_SHA timeout - timed out
782 TLS_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
783 TLS_RSA_WITH_AES_128_CBC_SHA256 timeout - timed out
784 TLS_RSA_WITH_AES_128_CBC_SHA timeout - timed out
785 TLS_RSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
786 TLS_RSA_EXPORT_WITH_RC4_40_MD5 timeout - timed out
787 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 timeout - timed out
788 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA timeout - timed out
789 TLS_ECDH_anon_WITH_RC4_128_SHA timeout - timed out
790 TLS_ECDH_anon_WITH_NULL_SHA timeout - timed out
791 TLS_ECDH_anon_WITH_AES_256_CBC_SHA timeout - timed out
792 TLS_ECDH_anon_WITH_AES_128_CBC_SHA timeout - timed out
793 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA timeout - timed out
794 TLS_ECDH_RSA_WITH_RC4_128_SHA timeout - timed out
795 TLS_ECDH_RSA_WITH_NULL_SHA timeout - timed out
796 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
797 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 timeout - timed out
798 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA timeout - timed out
799 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
800 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 timeout - timed out
801 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA timeout - timed out
802 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
803 TLS_ECDH_ECDSA_WITH_RC4_128_SHA timeout - timed out
804 TLS_ECDH_ECDSA_WITH_NULL_SHA timeout - timed out
805 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 timeout - timed out
806 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 timeout - timed out
807 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA timeout - timed out
808 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 timeout - timed out
809 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 timeout - timed out
810 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA timeout - timed out
811 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
812 TLS_ECDHE_RSA_WITH_RC4_128_SHA timeout - timed out
813 TLS_ECDHE_RSA_WITH_NULL_SHA timeout - timed out
814 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
815 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 timeout - timed out
816 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA timeout - timed out
817 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
818 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 timeout - timed out
819 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA timeout - timed out
820 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
821 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA timeout - timed out
822 TLS_ECDHE_ECDSA_WITH_NULL_SHA timeout - timed out
823 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 timeout - timed out
824 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 timeout - timed out
825 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA timeout - timed out
826 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 timeout - timed out
827 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 timeout - timed out
828 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA timeout - timed out
829 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
830 TLS_DH_anon_WITH_SEED_CBC_SHA timeout - timed out
831 TLS_DH_anon_WITH_RC4_128_MD5 timeout - timed out
832 TLS_DH_anon_WITH_DES_CBC_SHA timeout - timed out
833 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
834 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
835 TLS_DH_anon_WITH_AES_256_GCM_SHA384 timeout - timed out
836 TLS_DH_anon_WITH_AES_256_CBC_SHA256 timeout - timed out
837 TLS_DH_anon_WITH_AES_256_CBC_SHA timeout - timed out
838 TLS_DH_anon_WITH_AES_128_GCM_SHA256 timeout - timed out
839 TLS_DH_anon_WITH_AES_128_CBC_SHA256 timeout - timed out
840 TLS_DH_anon_WITH_AES_128_CBC_SHA timeout - timed out
841 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA timeout - timed out
842 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 timeout - timed out
843 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA timeout - timed out
844 TLS_DH_RSA_WITH_SEED_CBC_SHA timeout - timed out
845 TLS_DH_RSA_WITH_DES_CBC_SHA timeout - timed out
846 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
847 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
848 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
849 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 timeout - timed out
850 TLS_DH_RSA_WITH_AES_256_CBC_SHA timeout - timed out
851 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
852 TLS_DH_RSA_WITH_AES_128_CBC_SHA256 timeout - timed out
853 TLS_DH_RSA_WITH_AES_128_CBC_SHA timeout - timed out
854 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
855 TLS_DH_DSS_WITH_SEED_CBC_SHA timeout - timed out
856 TLS_DH_DSS_WITH_DES_CBC_SHA timeout - timed out
857 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
858 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
859 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 timeout - timed out
860 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 timeout - timed out
861 TLS_DH_DSS_WITH_AES_256_CBC_SHA timeout - timed out
862 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 timeout - timed out
863 TLS_DH_DSS_WITH_AES_128_CBC_SHA256 timeout - timed out
864 TLS_DH_DSS_WITH_AES_128_CBC_SHA timeout - timed out
865 TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA timeout - timed out
866 TLS_DHE_RSA_WITH_SEED_CBC_SHA timeout - timed out
867 TLS_DHE_RSA_WITH_DES_CBC_SHA timeout - timed out
868 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
869 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
870 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
871 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 timeout - timed out
872 TLS_DHE_RSA_WITH_AES_256_CBC_SHA timeout - timed out
873 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
874 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 timeout - timed out
875 TLS_DHE_RSA_WITH_AES_128_CBC_SHA timeout - timed out
876 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
877 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA timeout - timed out
878 TLS_DHE_DSS_WITH_SEED_CBC_SHA timeout - timed out
879 TLS_DHE_DSS_WITH_DES_CBC_SHA timeout - timed out
880 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
881 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
882 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 timeout - timed out
883 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 timeout - timed out
884 TLS_DHE_DSS_WITH_AES_256_CBC_SHA timeout - timed out
885 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 timeout - timed out
886 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 timeout - timed out
887 TLS_DHE_DSS_WITH_AES_128_CBC_SHA timeout - timed out
888 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA timeout - timed out
889 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA timeout - timed out
890
891
892 SCAN COMPLETED IN 323.56 S
893 --------------------------
894#######################################################################################################################################
895Domains still to check: 1
896 Checking if the hostname freeflorida.org. given is in fact a domain...
897
898Analyzing domain: freeflorida.org.
899 Checking NameServers using system default resolver...
900 IP: 192.185.138.16 (United States)
901 HostName: ns903.websitewelcome.com Type: NS
902 HostName: ns903.websitewelcome.com Type: PTR
903 IP: 192.185.138.160 (United States)
904 HostName: ns904.websitewelcome.com Type: NS
905 HostName: ns904.websitewelcome.com Type: PTR
906
907 Checking MailServers using system default resolver...
908 IP: 192.185.138.18 (United States)
909 HostName: freeflorida.org Type: MX
910 HostName: 192-185-138-18.unifiedlayer.com Type: PTR
911
912 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
913 No zone transfer found on nameserver 192.185.138.16
914 No zone transfer found on nameserver 192.185.138.160
915
916 Checking SPF record...
917 No SPF record
918
919 Checking 192 most common hostnames using system default resolver...
920 IP: 192.185.138.18 (United States)
921 HostName: freeflorida.org Type: MX
922 HostName: 192-185-138-18.unifiedlayer.com Type: PTR
923 HostName: www.freeflorida.org. Type: A
924 IP: 192.185.138.18 (United States)
925 HostName: freeflorida.org Type: MX
926 HostName: 192-185-138-18.unifiedlayer.com Type: PTR
927 HostName: www.freeflorida.org. Type: A
928 HostName: ftp.freeflorida.org. Type: A
929 IP: 192.185.138.18 (United States)
930 HostName: freeflorida.org Type: MX
931 HostName: 192-185-138-18.unifiedlayer.com Type: PTR
932 HostName: www.freeflorida.org. Type: A
933 HostName: ftp.freeflorida.org. Type: A
934 HostName: mail.freeflorida.org. Type: A
935 IP: 192.185.138.18 (United States)
936 HostName: freeflorida.org Type: MX
937 HostName: 192-185-138-18.unifiedlayer.com Type: PTR
938 HostName: www.freeflorida.org. Type: A
939 HostName: ftp.freeflorida.org. Type: A
940 HostName: mail.freeflorida.org. Type: A
941 HostName: webmail.freeflorida.org. Type: A
942
943 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
944 Checking netblock 192.185.138.0
945
946 Searching for freeflorida.org. emails in Google
947 info@freeflorida.org
948
949 Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
950 Host 192.185.138.16 is up (reset ttl 64)
951 Host 192.185.138.160 is up (reset ttl 64)
952 Host 192.185.138.18 is up (reset ttl 64)
953
954 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
955 Scanning ip 192.185.138.16 (ns903.websitewelcome.com (PTR)):
956WARNING: RST from 192.185.138.16 port 26 -- is this port really open?
968 Scanning ip 192.185.138.160 (ns904.websitewelcome.com (PTR)):
969 53/tcp open domain syn-ack ttl 46 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
970 | dns-nsid:
971 |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
972 80/tcp open http syn-ack ttl 47 Apache httpd
973 |_http-favicon: Unknown favicon MD5: A8063BD37D3C8FB3176A6BF140558A4D
974 | http-methods:
975 |_ Supported Methods: GET HEAD POST OPTIONS
976 |_http-server-header: Apache
977 | http-title: 404 - PAGE NOT FOUND
978 |_Requested resource was /404.html
979 |_http-trane-info: Problem with XML parsing of /evox/about
980 110/tcp open pop3 syn-ack ttl 47 Dovecot pop3d
981 |_pop3-capabilities: SASL(PLAIN LOGIN) STLS UIDL TOP USER CAPA PIPELINING RESP-CODES AUTH-RESP-CODE
982 | ssl-cert: Subject: commonName=*.websitewelcome.com
983 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
984 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
985 | Public Key type: rsa
986 | Public Key bits: 2048
987 | Signature Algorithm: sha256WithRSAEncryption
988 | Not valid before: 2018-10-15T00:00:00
989 | Not valid after: 2020-10-21T23:59:59
990 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
991 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
992 |_ssl-date: 2019-11-25T18:51:48+00:00; -1s from scanner time.
993 143/tcp open imap syn-ack ttl 46 Dovecot imapd
994 |_imap-capabilities: Pre-login IMAP4rev1 more OK capabilities NAMESPACE AUTH=PLAIN AUTH=LOGINA0001 ID LOGIN-REFERRALS ENABLE post-login IDLE have STARTTLS LITERAL+ SASL-IR listed
995 | ssl-cert: Subject: commonName=*.websitewelcome.com
996 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
997 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
998 | Public Key type: rsa
999 | Public Key bits: 2048
1000 | Signature Algorithm: sha256WithRSAEncryption
1001 | Not valid before: 2018-10-15T00:00:00
1002 | Not valid after: 2020-10-21T23:59:59
1003 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1004 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1005 |_ssl-date: 2019-11-25T18:51:48+00:00; -1s from scanner time.
1006 443/tcp open ssl/http syn-ack ttl 46 Apache httpd
1007 |_http-favicon: Unknown favicon MD5: A8063BD37D3C8FB3176A6BF140558A4D
1008 | http-methods:
1009 |_ Supported Methods: GET HEAD POST OPTIONS
1010 |_http-server-header: Apache
1011 | http-title: 404 - PAGE NOT FOUND
1012 |_Requested resource was /404.html
1013 |_http-trane-info: Problem with XML parsing of /evox/about
1014 | ssl-cert: Subject: commonName=*.websitewelcome.com
1015 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
1016 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1017 | Public Key type: rsa
1018 | Public Key bits: 2048
1019 | Signature Algorithm: sha256WithRSAEncryption
1020 | Not valid before: 2018-10-15T00:00:00
1021 | Not valid after: 2020-10-21T23:59:59
1022 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1023 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1024 |_ssl-date: TLS randomness does not represent time
1025 | tls-alpn:
1026 | h2
1027 |_ http/1.1
1028 993/tcp open ssl/imap syn-ack ttl 46 Dovecot imapd
1029 |_imap-capabilities: Pre-login IMAP4rev1 more OK capabilities NAMESPACE AUTH=PLAIN AUTH=LOGINA0001 ID LOGIN-REFERRALS ENABLE post-login IDLE have SASL-IR LITERAL+ listed
1030 | ssl-cert: Subject: commonName=*.websitewelcome.com
1031 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
1032 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1033 | Public Key type: rsa
1034 | Public Key bits: 2048
1035 | Signature Algorithm: sha256WithRSAEncryption
1036 | Not valid before: 2018-10-15T00:00:00
1037 | Not valid after: 2020-10-21T23:59:59
1038 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1039 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1040 |_ssl-date: 2019-11-25T18:51:48+00:00; 0s from scanner time.
1041 995/tcp open ssl/pop3 syn-ack ttl 46 Dovecot pop3d
1042 |_pop3-capabilities: AUTH-RESP-CODE USER CAPA SASL(PLAIN LOGIN) PIPELINING UIDL TOP RESP-CODES
1043 | ssl-cert: Subject: commonName=*.websitewelcome.com
1044 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
1045 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1046 | Public Key type: rsa
1047 | Public Key bits: 2048
1048 | Signature Algorithm: sha256WithRSAEncryption
1049 | Not valid before: 2018-10-15T00:00:00
1050 | Not valid after: 2020-10-21T23:59:59
1051 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1052 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1053 |_ssl-date: 2019-11-25T18:51:48+00:00; 0s from scanner time.
1054 3306/tcp open mysql syn-ack ttl 46 MySQL 5.6.41-84.1
1055 | mysql-info:
1056 | Protocol: 10
1057 | Version: 5.6.41-84.1
1058 | Thread ID: 8650589
1059 | Capabilities flags: 65535
1060 | Some Capabilities: FoundRows, Support41Auth, Speaks41ProtocolNew, LongColumnFlag, ODBCClient, LongPassword, Speaks41ProtocolOld, SwitchToSSLAfterHandshake, IgnoreSigpipes, ConnectWithDatabase, InteractiveClient, SupportsCompression, SupportsTransactions, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
1061 | Status: Autocommit
1062 | Salt: .,4`geDcGwC'8&QHSGM-
1063 |_ Auth Plugin Name: mysql_native_password
1064 | vulners:
1065 | MySQL 5.6.41-84.1:
1066 |_ NODEJS:602 0.0 https://vulners.com/nodejs/NODEJS:602
1067 OS Info: Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1068 Scanning ip 192.185.138.18 (webmail.freeflorida.org.):
1069 53/tcp open domain syn-ack ttl 46 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1070 | dns-nsid:
1071 |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
1072 80/tcp open http syn-ack ttl 46 Apache httpd
1073 |_http-favicon: Unknown favicon MD5: A8063BD37D3C8FB3176A6BF140558A4D
1074 | http-methods:
1075 |_ Supported Methods: GET HEAD POST OPTIONS
1076 |_http-server-header: Apache
1077 | http-title: 404 - PAGE NOT FOUND
1078 |_Requested resource was /404.html
1079 |_http-trane-info: Problem with XML parsing of /evox/about
1080 110/tcp open pop3 syn-ack ttl 47 Dovecot pop3d
1081 |_pop3-capabilities: UIDL TOP AUTH-RESP-CODE SASL(PLAIN LOGIN) PIPELINING CAPA USER STLS RESP-CODES
1082 | ssl-cert: Subject: commonName=*.websitewelcome.com
1083 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
1084 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1085 | Public Key type: rsa
1086 | Public Key bits: 2048
1087 | Signature Algorithm: sha256WithRSAEncryption
1088 | Not valid before: 2018-10-15T00:00:00
1089 | Not valid after: 2020-10-21T23:59:59
1090 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1091 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1092 |_ssl-date: 2019-11-25T18:52:22+00:00; 0s from scanner time.
1093 143/tcp open imap syn-ack ttl 46 Dovecot imapd
1094 |_imap-capabilities: post-login listed NAMESPACE have SASL-IR more IDLE IMAP4rev1 LOGIN-REFERRALS ENABLE STARTTLS AUTH=PLAIN LITERAL+ OK ID Pre-login capabilities AUTH=LOGINA0001
1095 | ssl-cert: Subject: commonName=*.websitewelcome.com
1096 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
1097 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1098 | Public Key type: rsa
1099 | Public Key bits: 2048
1100 | Signature Algorithm: sha256WithRSAEncryption
1101 | Not valid before: 2018-10-15T00:00:00
1102 | Not valid after: 2020-10-21T23:59:59
1103 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1104 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1105 |_ssl-date: 2019-11-25T18:52:22+00:00; 0s from scanner time.
1106 443/tcp open ssl/http syn-ack ttl 47 Apache httpd
1107 |_http-favicon: Unknown favicon MD5: A8063BD37D3C8FB3176A6BF140558A4D
1108 | http-methods:
1109 |_ Supported Methods: GET HEAD POST OPTIONS
1110 |_http-server-header: Apache
1111 | http-title: 404 - PAGE NOT FOUND
1112 |_Requested resource was /404.html
1113 |_http-trane-info: Problem with XML parsing of /evox/about
1114 | ssl-cert: Subject: commonName=*.websitewelcome.com
1115 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
1116 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1117 | Public Key type: rsa
1118 | Public Key bits: 2048
1119 | Signature Algorithm: sha256WithRSAEncryption
1120 | Not valid before: 2018-10-15T00:00:00
1121 | Not valid after: 2020-10-21T23:59:59
1122 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1123 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1124 |_ssl-date: TLS randomness does not represent time
1125 | tls-alpn:
1126 | h2
1127 |_ http/1.1
1128 465/tcp open ssl/smtps? syn-ack ttl 46
1129 | smtp-commands: trailblazer.websitewelcome.com Hello nmap.scanme.org [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1130 |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1131 587/tcp open smtp syn-ack ttl 47 Exim smtpd 4.92
1132 | smtp-commands: trailblazer.websitewelcome.com Hello nmap.scanme.org [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
1133 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1134 | vulners:
1135 | cpe:/a:exim:exim:4.92:
1136 | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
1137 | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1138 |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1139 993/tcp open ssl/imap syn-ack ttl 47 Dovecot imapd
1140 |_imap-capabilities: post-login listed NAMESPACE have AUTH=LOGINA0001 IDLE IMAP4rev1 LOGIN-REFERRALS ENABLE more AUTH=PLAIN LITERAL+ OK ID Pre-login capabilities SASL-IR
1141 | ssl-cert: Subject: commonName=*.websitewelcome.com
1142 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
1143 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1144 | Public Key type: rsa
1145 | Public Key bits: 2048
1146 | Signature Algorithm: sha256WithRSAEncryption
1147 | Not valid before: 2018-10-15T00:00:00
1148 | Not valid after: 2020-10-21T23:59:59
1149 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1150 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1151 |_ssl-date: 2019-11-25T18:52:22+00:00; 0s from scanner time.
1152 995/tcp open ssl/pop3 syn-ack ttl 46 Dovecot pop3d
1153 |_pop3-capabilities: TOP PIPELINING UIDL CAPA AUTH-RESP-CODE USER SASL(PLAIN LOGIN) RESP-CODES
1154 | ssl-cert: Subject: commonName=*.websitewelcome.com
1155 | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
1156 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1157 | Public Key type: rsa
1158 | Public Key bits: 2048
1159 | Signature Algorithm: sha256WithRSAEncryption
1160 | Not valid before: 2018-10-15T00:00:00
1161 | Not valid after: 2020-10-21T23:59:59
1162 | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
1163 |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
1164 |_ssl-date: 2019-11-25T18:52:22+00:00; 0s from scanner time.
1165 3306/tcp open mysql syn-ack ttl 47 MySQL 5.6.41-84.1
1166 | mysql-info:
1167 | Protocol: 10
1168 | Version: 5.6.41-84.1
1169 | Thread ID: 8650746
1170 | Capabilities flags: 65535
1171 | Some Capabilities: Support41Auth, InteractiveClient, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, SupportsTransactions, Speaks41ProtocolNew, LongPassword, SwitchToSSLAfterHandshake, IgnoreSpaceBeforeParenthesis, SupportsLoadDataLocal, IgnoreSigpipes, SupportsCompression, ODBCClient, ConnectWithDatabase, LongColumnFlag, FoundRows, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
1172 | Status: Autocommit
1173 | Salt: c+Fa5%Vaf[tZBzddHzNY
1174 |_ Auth Plugin Name: mysql_native_password
1175 | vulners:
1176 | MySQL 5.6.41-84.1:
1177 |_ NODEJS:602 0.0 https://vulners.com/nodejs/NODEJS:602
1178 OS Info: Service Info: Host: trailblazer.websitewelcome.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1179 WebCrawling domain's web servers... up to 50 max links.
1180
1181 + URL to crawl: http://ns904.websitewelcome.com
1182 + Date: 2019-11-25
1183
1184 + Crawling URL: http://ns904.websitewelcome.com:
1185 + Links:
1186 + Crawling http://ns904.websitewelcome.com
1187 + Searching for directories...
1188 - Found: http://ns904.websitewelcome.com/cgi-sys/
1189 - Found: http://ns904.websitewelcome.com/cgi-sys/js/
1190 - Found: http://ns904.websitewelcome.com/cgi-sys/images/
1191 + Searching open folders...
1192 - http://ns904.websitewelcome.com/cgi-sys/ (No Open Folder)
1193 - http://ns904.websitewelcome.com/cgi-sys/js/ (403 Forbidden)
1194 - http://ns904.websitewelcome.com/cgi-sys/images/ (403 Forbidden)
1195
1196
1197 + URL to crawl: https://ns904.websitewelcome.com
1198 + Date: 2019-11-25
1199
1200 + Crawling URL: https://ns904.websitewelcome.com:
1201 + Links:
1202 + Crawling https://ns904.websitewelcome.com
1203 + Searching for directories...
1204 - Found: https://ns904.websitewelcome.com/cgi-sys/
1205 - Found: https://ns904.websitewelcome.com/cgi-sys/js/
1206 - Found: https://ns904.websitewelcome.com/cgi-sys/images/
1207 + Searching open folders...
1208 - https://ns904.websitewelcome.com/cgi-sys/ (No Open Folder)
1209 - https://ns904.websitewelcome.com/cgi-sys/js/ (403 Forbidden)
1210 - https://ns904.websitewelcome.com/cgi-sys/images/ (403 Forbidden)
1211
1212
1213 + URL to crawl: http://mail.freeflorida.org.
1214 + Date: 2019-11-25
1215
1216 + Crawling URL: http://mail.freeflorida.org.:
1217 + Links:
1218 + Crawling http://mail.freeflorida.org.
1219 + Crawling http://mail.freeflorida.org./s2.wp.com (404 Not Found)
1220 + Crawling http://mail.freeflorida.org./s1.wp.com (404 Not Found)
1221 + Crawling http://mail.freeflorida.org./s0.wp.com (404 Not Found)
1222 + Crawling http://mail.freeflorida.org./confederatetn.wordpress.com (404 Not Found)
1223 + Crawling http://mail.freeflorida.org./fonts.googleapis.com (404 Not Found)
1224 + Crawling http://mail.freeflorida.org./archives/florida-politicians-play-sneaky-with-immigration.html
1225 + Crawling http://mail.freeflorida.org./archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1226 + Crawling http://mail.freeflorida.org./widgets.wp.com/likes/index.html?ver=20180319 (404 Not Found)
1227 + Crawling http://mail.freeflorida.org./0.gravatar.com/js/gprofiles.js?ver=201830y (404 Not Found)
1228 + Crawling http://mail.freeflorida.org./stats.wp.com/w.js?56 (404 Not Found)
1229 + Searching for directories...
1230 - Found: http://mail.freeflorida.org./archives/
1231 - Found: http://mail.freeflorida.org./widgets.wp.com/
1232 - Found: http://mail.freeflorida.org./widgets.wp.com/likes/
1233 - Found: http://mail.freeflorida.org./0.gravatar.com/
1234 - Found: http://mail.freeflorida.org./0.gravatar.com/js/
1235 - Found: http://mail.freeflorida.org./stats.wp.com/
1236 + Searching open folders...
1237 - http://mail.freeflorida.org./archives/ (403 Forbidden)
1238 - http://mail.freeflorida.org./widgets.wp.com/ (404 Not Found)
1239 - http://mail.freeflorida.org./widgets.wp.com/likes/ (404 Not Found)
1240 - http://mail.freeflorida.org./0.gravatar.com/ (404 Not Found)
1241 - http://mail.freeflorida.org./0.gravatar.com/js/ (404 Not Found)
1242 - http://mail.freeflorida.org./stats.wp.com/ (404 Not Found)
1243 + Crawl finished successfully.
1244----------------------------------------------------------------------
1245Summary of http://http://mail.freeflorida.org.
1246----------------------------------------------------------------------
1247+ Links crawled:
1248 - http://mail.freeflorida.org.
1249 - http://mail.freeflorida.org./0.gravatar.com/js/gprofiles.js?ver=201830y (404 Not Found)
1250 - http://mail.freeflorida.org./archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1251 - http://mail.freeflorida.org./archives/florida-politicians-play-sneaky-with-immigration.html
1252 - http://mail.freeflorida.org./confederatetn.wordpress.com (404 Not Found)
1253 - http://mail.freeflorida.org./fonts.googleapis.com (404 Not Found)
1254 - http://mail.freeflorida.org./s0.wp.com (404 Not Found)
1255 - http://mail.freeflorida.org./s1.wp.com (404 Not Found)
1256 - http://mail.freeflorida.org./s2.wp.com (404 Not Found)
1257 - http://mail.freeflorida.org./stats.wp.com/w.js?56 (404 Not Found)
1258 - http://mail.freeflorida.org./widgets.wp.com/likes/index.html?ver=20180319 (404 Not Found)
1259 Total links crawled: 11
1260
1261+ Links to files found:
1262 Total links to files: 0
1263
1264+ Externals links found:
1265 - Http://freeflorida.org
1266 - http://coolchange.net/discussions/index.html
1267 - http://freeflorida.org
1268 - http://freeflorida.org/
1269 - http://freeflorida.org/Media-1.html
1270 - http://freeflorida.org/contact.html
1271 - http://freeflorida.org/corebeliefs.html
1272 - http://freeflorida.org/ffi.html
1273 - http://freeflorida.org/florida_republic.html
1274 - http://freeflorida.org/great_divide.html
1275 - http://freeflorida.org/images/FloridaFlagWallLogo.jpg?w=180
1276 - http://freeflorida.org/images/bonnieblue.gif
1277 - http://freeflorida.org/images/bonnieblue.ico
1278 - http://freeflorida.org/images/freemagnoliaad.jpg
1279 - http://freeflorida.org/images/logo-goodsearch.jpg
1280 - http://freeflorida.org/images/sidestripjoinusbutton.png
1281 - http://freeflorida.org/islamic_invasion.html
1282 - http://freeflorida.org/kithandkin.html
1283 - http://freeflorida.org/league_theocracy.html
1284 - http://freeflorida.org/noliberty.html
1338 Total external links: 73
1339
1340+ Email addresses found:
1341 Total email address found: 0
1342
1343+ Directories found:
1344 - http://mail.freeflorida.org./0.gravatar.com/ (404 Not Found)
1345 - http://mail.freeflorida.org./0.gravatar.com/js/ (404 Not Found)
1346 - http://mail.freeflorida.org./archives/ (403 Forbidden)
1347 - http://mail.freeflorida.org./stats.wp.com/ (404 Not Found)
1348 - http://mail.freeflorida.org./widgets.wp.com/ (404 Not Found)
1349 - http://mail.freeflorida.org./widgets.wp.com/likes/ (404 Not Found)
1350 Total directories: 6
1351
1352+ Directory indexing found:
1353 Total directories with indexing: 0
1354
1355----------------------------------------------------------------------
1356
1357
1358 + URL to crawl: http://freeflorida.org
1359 + Date: 2019-11-25
1360
1361 + Crawling URL: http://freeflorida.org:
1362 + Links:
1363 + Crawling http://freeflorida.org
1364 + Crawling http://freeflorida.org/s2.wp.com (404 Not Found)
1365 + Crawling http://freeflorida.org/s1.wp.com (404 Not Found)
1366 + Crawling http://freeflorida.org/s0.wp.com (404 Not Found)
1367 + Crawling http://freeflorida.org/confederatetn.wordpress.com (404 Not Found)
1368 + Crawling http://freeflorida.org/fonts.googleapis.com (404 Not Found)
1369 + Crawling http://freeflorida.org/images/FloridaFlagWallLogo.jpg?w=180 (File! Not crawling it.)
1370 + Crawling https://freeflorida.org/chipin/support.html
1371 + Crawling http://freeflorida.org/contact.html
1372 + Crawling http://freeflorida.org/Media-1.html
1373 + Crawling Http://freeflorida.org
1374 + Crawling http://freeflorida.org/whatistheleague.html
1375 + Crawling http://freeflorida.org/corebeliefs.html
1376 + Crawling http://freeflorida.org/strategy.html
1377 + Crawling http://freeflorida.org/thefederalflag.html
1378 + Crawling http://freeflorida.org/thepledge.html
1379 + Crawling http://freeflorida.org/ffi.html
1380 + Crawling http://freeflorida.org/southern_nation.html
1381 + Crawling http://freeflorida.org/florida_republic.html
1382 + Crawling http://freeflorida.org/reform.html
1383 + Crawling http://freeflorida.org/kithandkin.html
1384 + Crawling http://freeflorida.org/league_theocracy.html
1385 + Crawling http://freeflorida.org/great_divide.html
1386 + Crawling http://freeflorida.org/islamic_invasion.html (404 Not Found)
1387 + Crawling https://freeflorida.org/
1388 + Crawling http://freeflorida.org/
1389 + Crawling http://freeflorida.org/archives/florida-politicians-play-sneaky-with-immigration.html
1390 + Crawling http://freeflorida.org/archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1391 + Crawling http://freeflorida.org/noliberty.html
1392 + Crawling http://freeflorida.org/secession/
1393 + Crawling http://freeflorida.org/repeal/
1394 + Crawling https://freeflorida.org/chipin/join.html
1395 + Crawling http://freeflorida.org/states_rights1.html
1396 + Crawling http://freeflorida.org/widgets.wp.com/likes/index.html?ver=20180319 (404 Not Found)
1397 + Crawling http://freeflorida.org/0.gravatar.com/js/gprofiles.js?ver=201830y (404 Not Found)
1398 + Crawling http://freeflorida.org/stats.wp.com/w.js?56 (404 Not Found)
1399 + Crawling https://freeflorida.org/contact/form.php
1400 + Crawling http://freeflorida.org/images/apopka-1.jpg?w=300&h=201 (File! Not crawling it.)
1401 + Crawling https://freeflorida.org/archives/florida-politicians-play-sneaky-with-immigration.html
1402 + Crawling https://freeflorida.org/archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1403 + Crawling https://freeflorida.org/secession/form.php
1404 + Crawling https://freeflorida.org/repeal/form.php
1405 + Crawling http://freeflorida.org/code.jquery.com (404 Not Found)
1406 + Crawling http://freeflorida.org/s.w.org (404 Not Found)
1407 + Crawling http://freeflorida.org/v0.wordpress.com (404 Not Found)
1408 + Crawling http://freeflorida.org/c0.wp.com (404 Not Found)
1409 + Crawling https://freeflorida.org
1410 + Crawling http://freeflorida.org/index.html
1411 + Crawling http://freeflorida.org/states_rights2.html
1412 + Crawling http://freeflorida.org/states_rights3.html
1413 + Crawling http://freeflorida.org/states_rights4.html
1414 + Crawling http://freeflorida.org/states_rights5.html
1415 + Searching for directories...
1416 - Found: http://freeflorida.org/archives/
1417 - Found: http://freeflorida.org/secession/
1418 - Found: http://freeflorida.org/repeal/
1419 - Found: http://freeflorida.org/widgets.wp.com/
1420 - Found: http://freeflorida.org/widgets.wp.com/likes/
1421 - Found: http://freeflorida.org/0.gravatar.com/
1422 - Found: http://freeflorida.org/0.gravatar.com/js/
1423 - Found: http://freeflorida.org/stats.wp.com/
1424 - Found: http://freeflorida.org/images/
1425 - Found: http://freeflorida.org/repeal/images/
1426 - Found: http://freeflorida.org/s7.addthis.com/
1427 - Found: http://freeflorida.org/s7.addthis.com/js/
1428 - Found: http://freeflorida.org/s7.addthis.com/js/300/
1429 - Found: http://freeflorida.org/www.goodsearch.com/
1430 + Searching open folders...
1431 - http://freeflorida.org/archives/ (403 Forbidden)
1432 - http://freeflorida.org/secession/ (No Open Folder)
1433 - http://freeflorida.org/repeal/ (No Open Folder)
1434 - http://freeflorida.org/widgets.wp.com/ (404 Not Found)
1435 - http://freeflorida.org/widgets.wp.com/likes/ (404 Not Found)
1436 - http://freeflorida.org/0.gravatar.com/ (404 Not Found)
1437 - http://freeflorida.org/0.gravatar.com/js/ (404 Not Found)
1438 - http://freeflorida.org/stats.wp.com/ (404 Not Found)
1439 - http://freeflorida.org/images/ (403 Forbidden)
1440 - http://freeflorida.org/repeal/images/ (403 Forbidden)
1441 - http://freeflorida.org/s7.addthis.com/ (404 Not Found)
1442 - http://freeflorida.org/s7.addthis.com/js/ (404 Not Found)
1443 - http://freeflorida.org/s7.addthis.com/js/300/ (404 Not Found)
1444 - http://freeflorida.org/www.goodsearch.com/ (403 Forbidden)
1445 + Crawl finished successfully.
1446----------------------------------------------------------------------
1447Summary of http://http://freeflorida.org
1448----------------------------------------------------------------------
1449+ Links crawled:
1450 - Http://freeflorida.org
1451 - http://freeflorida.org
1452 - http://freeflorida.org/
1453 - http://freeflorida.org/0.gravatar.com/js/gprofiles.js?ver=201830y (404 Not Found)
1454 - http://freeflorida.org/Media-1.html
1455 - http://freeflorida.org/archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1456 - http://freeflorida.org/archives/florida-politicians-play-sneaky-with-immigration.html
1457 - http://freeflorida.org/c0.wp.com (404 Not Found)
1458 - http://freeflorida.org/code.jquery.com (404 Not Found)
1459 - http://freeflorida.org/confederatetn.wordpress.com (404 Not Found)
1460 - http://freeflorida.org/contact.html
1461 - http://freeflorida.org/corebeliefs.html
1462 - http://freeflorida.org/ffi.html
1463 - http://freeflorida.org/florida_republic.html
1464 - http://freeflorida.org/fonts.googleapis.com (404 Not Found)
1465 - http://freeflorida.org/great_divide.html
1466 - http://freeflorida.org/index.html
1467 - http://freeflorida.org/islamic_invasion.html (404 Not Found)
1468 - http://freeflorida.org/kithandkin.html
1469 - http://freeflorida.org/league_theocracy.html
1470 - http://freeflorida.org/noliberty.html
1471 - http://freeflorida.org/reform.html
1472 - http://freeflorida.org/repeal/
1473 - http://freeflorida.org/s.w.org (404 Not Found)
1474 - http://freeflorida.org/s0.wp.com (404 Not Found)
1475 - http://freeflorida.org/s1.wp.com (404 Not Found)
1476 - http://freeflorida.org/s2.wp.com (404 Not Found)
1477 - http://freeflorida.org/secession/
1478 - http://freeflorida.org/southern_nation.html
1479 - http://freeflorida.org/states_rights1.html
1480 - http://freeflorida.org/states_rights2.html
1481 - http://freeflorida.org/states_rights3.html
1482 - http://freeflorida.org/states_rights4.html
1483 - http://freeflorida.org/states_rights5.html
1484 - http://freeflorida.org/stats.wp.com/w.js?56 (404 Not Found)
1485 - http://freeflorida.org/strategy.html
1486 - http://freeflorida.org/thefederalflag.html
1487 - http://freeflorida.org/thepledge.html
1488 - http://freeflorida.org/v0.wordpress.com (404 Not Found)
1489 - http://freeflorida.org/whatistheleague.html
1490 - http://freeflorida.org/widgets.wp.com/likes/index.html?ver=20180319 (404 Not Found)
1491 - https://freeflorida.org
1492 - https://freeflorida.org/
1493 - https://freeflorida.org/archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1494 - https://freeflorida.org/archives/florida-politicians-play-sneaky-with-immigration.html
1495 - https://freeflorida.org/chipin/join.html
1496 - https://freeflorida.org/chipin/support.html
1497 - https://freeflorida.org/contact/form.php
1498 - https://freeflorida.org/repeal/form.php
1499 - https://freeflorida.org/secession/form.php
1500 Total links crawled: 50
1501
1502+ Links to files found:
1503 - http://freeflorida.org/images/FloridaFlagWallLogo.jpg?w=180
1504 - http://freeflorida.org/images/aboutbutton.jpg
1505 - http://freeflorida.org/images/apopka-1.jpg
1506 - http://freeflorida.org/images/apopka-1.jpg?w=300&h=201
1507 - http://freeflorida.org/images/bonnieblue.gif
1508 - http://freeflorida.org/images/bonnieblue.ico
1509 - http://freeflorida.org/images/contactbutton.jpg
1510 - http://freeflorida.org/images/delegateapplicationhershey.jpg
1511 - http://freeflorida.org/images/fllos%20logo.png
1512 - http://freeflorida.org/images/floridapin.gif
1513 - http://freeflorida.org/images/freemagnoliaad.jpg
1514 - http://freeflorida.org/images/header2.png
1515 - http://freeflorida.org/images/joinbutton.jpg
1516 - http://freeflorida.org/images/logo-goodsearch.jpg
1517 - http://freeflorida.org/images/officialsealforindex.jpg
1518 - http://freeflorida.org/images/sidestripjoinusbutton.png
1519 - http://freeflorida.org/images/sidestripjoinusbutton1.png
1520 - http://freeflorida.org/images/upperhome2.jpg
1521 - http://freeflorida.org/repeal/images/DuvalCourthouse3.jpg
1522 - http://freeflorida.org/repeal/images/facebook_icon.ico
1523 - http://freeflorida.org/s7.addthis.com/js/300/addthis_widget.js
1524 - http://freeflorida.org/www.goodsearch.com/badge.css
1525 - https://freeflorida.org/chipin/images/donate_now_button1.jpg
1526 - https://freeflorida.org/chipin/images/fllos logo.jpg
1527 - https://freeflorida.org/images/contactusbutton.jpg
1528 - https://freeflorida.org/images/fllos_logo.png
1529 - https://freeflorida.org/images/header4.png
1530 - https://freeflorida.org/images/joinnowbutton.jpg
1531 - https://freeflorida.org/images/upperhome.jpg
1532 Total links to files: 29
1533
1534+ Externals links found:
1666 Total external links: 131
1667
1668+ Email addresses found:
1669 Total email address found: 0
1670
1671+ Directories found:
1672 - http://freeflorida.org/0.gravatar.com/ (404 Not Found)
1673 - http://freeflorida.org/0.gravatar.com/js/ (404 Not Found)
1674 - http://freeflorida.org/archives/ (403 Forbidden)
1675 - http://freeflorida.org/images/ (403 Forbidden)
1676 - http://freeflorida.org/repeal/ (No open folder)
1677 - http://freeflorida.org/repeal/images/ (403 Forbidden)
1678 - http://freeflorida.org/s7.addthis.com/ (404 Not Found)
1679 - http://freeflorida.org/s7.addthis.com/js/ (404 Not Found)
1680 - http://freeflorida.org/s7.addthis.com/js/300/ (404 Not Found)
1681 - http://freeflorida.org/secession/ (No open folder)
1682 - http://freeflorida.org/stats.wp.com/ (404 Not Found)
1683 - http://freeflorida.org/widgets.wp.com/ (404 Not Found)
1684 - http://freeflorida.org/widgets.wp.com/likes/ (404 Not Found)
1685 - http://freeflorida.org/www.goodsearch.com/ (403 Forbidden)
1686 Total directories: 14
1687
1688+ Directory indexing found:
1689 Total directories with indexing: 0
1690
1691----------------------------------------------------------------------
1692
1693
1694 + URL to crawl: http://www.freeflorida.org.
1695 + Date: 2019-11-25
1696
1697 + Crawling URL: http://www.freeflorida.org.:
1698 + Links:
1699 + Crawling http://www.freeflorida.org.
1700 + Crawling http://www.freeflorida.org./s2.wp.com (404 Not Found)
1701 + Crawling http://www.freeflorida.org./s1.wp.com (404 Not Found)
1702 + Crawling http://www.freeflorida.org./s0.wp.com (404 Not Found)
1703 + Crawling http://www.freeflorida.org./confederatetn.wordpress.com (404 Not Found)
1704 + Crawling http://www.freeflorida.org./fonts.googleapis.com (404 Not Found)
1705 + Crawling http://www.freeflorida.org./archives/florida-politicians-play-sneaky-with-immigration.html
1706 + Crawling http://www.freeflorida.org./archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1707 + Crawling http://www.freeflorida.org./widgets.wp.com/likes/index.html?ver=20180319 (404 Not Found)
1708 + Crawling http://www.freeflorida.org./0.gravatar.com/js/gprofiles.js?ver=201830y (404 Not Found)
1709 + Crawling http://www.freeflorida.org./stats.wp.com/w.js?56 (404 Not Found)
1710 + Searching for directories...
1711 - Found: http://www.freeflorida.org./archives/
1712 - Found: http://www.freeflorida.org./widgets.wp.com/
1713 - Found: http://www.freeflorida.org./widgets.wp.com/likes/
1714 - Found: http://www.freeflorida.org./0.gravatar.com/
1715 - Found: http://www.freeflorida.org./0.gravatar.com/js/
1716 - Found: http://www.freeflorida.org./stats.wp.com/
1717 + Searching open folders...
1718 - http://www.freeflorida.org./archives/ (403 Forbidden)
1719 - http://www.freeflorida.org./widgets.wp.com/ (404 Not Found)
1720 - http://www.freeflorida.org./widgets.wp.com/likes/ (404 Not Found)
1721 - http://www.freeflorida.org./0.gravatar.com/ (404 Not Found)
1722 - http://www.freeflorida.org./0.gravatar.com/js/ (404 Not Found)
1723 - http://www.freeflorida.org./stats.wp.com/ (404 Not Found)
1724 + Crawl finished successfully.
1725----------------------------------------------------------------------
1726Summary of http://http://www.freeflorida.org.
1727----------------------------------------------------------------------
1728+ Links crawled:
1729 - http://www.freeflorida.org.
1730 - http://www.freeflorida.org./0.gravatar.com/js/gprofiles.js?ver=201830y (404 Not Found)
1731 - http://www.freeflorida.org./archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1732 - http://www.freeflorida.org./archives/florida-politicians-play-sneaky-with-immigration.html
1733 - http://www.freeflorida.org./confederatetn.wordpress.com (404 Not Found)
1734 - http://www.freeflorida.org./fonts.googleapis.com (404 Not Found)
1735 - http://www.freeflorida.org./s0.wp.com (404 Not Found)
1736 - http://www.freeflorida.org./s1.wp.com (404 Not Found)
1737 - http://www.freeflorida.org./s2.wp.com (404 Not Found)
1738 - http://www.freeflorida.org./stats.wp.com/w.js?56 (404 Not Found)
1739 - http://www.freeflorida.org./widgets.wp.com/likes/index.html?ver=20180319 (404 Not Found)
1740 Total links crawled: 11
1741
1742+ Links to files found:
1743 Total links to files: 0
1744
1745+ Externals links found:
1819 Total external links: 73
1820
1821+ Email addresses found:
1822 Total email address found: 0
1823
1824+ Directories found:
1825 - http://www.freeflorida.org./0.gravatar.com/ (404 Not Found)
1826 - http://www.freeflorida.org./0.gravatar.com/js/ (404 Not Found)
1827 - http://www.freeflorida.org./archives/ (403 Forbidden)
1828 - http://www.freeflorida.org./stats.wp.com/ (404 Not Found)
1829 - http://www.freeflorida.org./widgets.wp.com/ (404 Not Found)
1830 - http://www.freeflorida.org./widgets.wp.com/likes/ (404 Not Found)
1831 Total directories: 6
1832
1833+ Directory indexing found:
1834 Total directories with indexing: 0
1835
1836----------------------------------------------------------------------
1837
1838
1839 + URL to crawl: http://ftp.freeflorida.org.
1840 + Date: 2019-11-25
1841
1842 + Crawling URL: http://ftp.freeflorida.org.:
1843 + Links:
1844 + Crawling http://ftp.freeflorida.org.
1845 + Searching for directories...
1846 - Found: http://ftp.freeflorida.org./cgi-sys/
1847 - Found: http://ftp.freeflorida.org./cgi-sys/js/
1848 - Found: http://ftp.freeflorida.org./cgi-sys/images/
1849 + Searching open folders...
1850 - http://ftp.freeflorida.org./cgi-sys/ (No Open Folder)
1851 - http://ftp.freeflorida.org./cgi-sys/js/ (403 Forbidden)
1852 - http://ftp.freeflorida.org./cgi-sys/images/ (403 Forbidden)
1853
1854
1855 + URL to crawl: http://webmail.freeflorida.org.
1856 + Date: 2019-11-25
1857
1858 + Crawling URL: http://webmail.freeflorida.org.:
1859 + Links:
1860 + Crawling http://webmail.freeflorida.org.
1861 + Searching for directories...
1862 + Searching open folders...
1863
1864
1865 + URL to crawl: https://mail.freeflorida.org.
1866 + Date: 2019-11-25
1867
1868 + Crawling URL: https://mail.freeflorida.org.:
1869 + Links:
1870 + Crawling https://mail.freeflorida.org.
1871 + Searching for directories...
1872 + Searching open folders...
1873
1874
1875 + URL to crawl: https://freeflorida.org
1876 + Date: 2019-11-25
1877
1878 + Crawling URL: https://freeflorida.org:
1879 + Links:
1880 + Crawling https://freeflorida.org
1881 + Crawling https://freeflorida.org/s2.wp.com (404 Not Found)
1882 + Crawling https://freeflorida.org/s1.wp.com (404 Not Found)
1883 + Crawling https://freeflorida.org/s0.wp.com (404 Not Found)
1884 + Crawling https://freeflorida.org/confederatetn.wordpress.com (404 Not Found)
1885 + Crawling https://freeflorida.org/fonts.googleapis.com (404 Not Found)
1886 + Crawling http://freeflorida.org/images/FloridaFlagWallLogo.jpg?w=180 (File! Not crawling it.)
1887 + Crawling https://freeflorida.org/chipin/support.html
1888 + Crawling http://freeflorida.org/contact.html
1889 + Crawling http://freeflorida.org/Media-1.html
1890 + Crawling Http://freeflorida.org
1891 + Crawling http://freeflorida.org
1892 + Crawling http://freeflorida.org/whatistheleague.html
1893 + Crawling http://freeflorida.org/corebeliefs.html
1894 + Crawling http://freeflorida.org/strategy.html
1895 + Crawling http://freeflorida.org/thefederalflag.html
1896 + Crawling http://freeflorida.org/thepledge.html
1897 + Crawling http://freeflorida.org/ffi.html
1898 + Crawling http://freeflorida.org/southern_nation.html
1899 + Crawling http://freeflorida.org/florida_republic.html
1900 + Crawling http://freeflorida.org/reform.html
1901 + Crawling http://freeflorida.org/kithandkin.html
1902 + Crawling http://freeflorida.org/league_theocracy.html
1903 + Crawling http://freeflorida.org/great_divide.html
1904 + Crawling http://freeflorida.org/islamic_invasion.html (404 Not Found)
1905 + Crawling https://freeflorida.org/
1906 + Crawling http://freeflorida.org/
1907 + Crawling https://freeflorida.org/archives/florida-politicians-play-sneaky-with-immigration.html
1908 + Crawling https://freeflorida.org/archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1909 + Crawling http://freeflorida.org/noliberty.html
1910 + Crawling http://freeflorida.org/secession/
1911 + Crawling http://freeflorida.org/repeal/
1912 + Crawling https://freeflorida.org/chipin/join.html
1913 + Crawling http://freeflorida.org/states_rights1.html
1914 + Crawling https://freeflorida.org/widgets.wp.com/likes/index.html?ver=20180319 (404 Not Found)
1915 + Crawling https://freeflorida.org/0.gravatar.com/js/gprofiles.js?ver=201830y (404 Not Found)
1916 + Crawling https://freeflorida.org/stats.wp.com/w.js?56 (404 Not Found)
1917 + Crawling https://freeflorida.org/contact/form.php
1918 + Crawling http://freeflorida.org/images/apopka-1.jpg?w=300&h=201 (File! Not crawling it.)
1919 + Crawling http://freeflorida.org/archives/florida-politicians-play-sneaky-with-immigration.html
1920 + Crawling http://freeflorida.org/archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1921 + Crawling https://freeflorida.org/Media-1.html
1922 + Crawling https://freeflorida.org/secession/form.php
1923 + Crawling https://freeflorida.org/repeal/form.php
1924 + Crawling https://freeflorida.org/code.jquery.com (404 Not Found)
1925 + Crawling https://freeflorida.org/s.w.org (404 Not Found)
1926 + Crawling https://freeflorida.org/v0.wordpress.com (404 Not Found)
1927 + Crawling https://freeflorida.org/c0.wp.com (404 Not Found)
1928 + Crawling http://freeflorida.org/index.html
1929 + Crawling http://freeflorida.org/states_rights2.html
1930 + Crawling http://freeflorida.org/states_rights3.html
1931 + Crawling http://freeflorida.org/states_rights4.html
1932 + Searching for directories...
1933 - Found: https://freeflorida.org/chipin/
1934 - Found: https://freeflorida.org/archives/
1935 - Found: https://freeflorida.org/widgets.wp.com/
1936 - Found: https://freeflorida.org/widgets.wp.com/likes/
1937 - Found: https://freeflorida.org/0.gravatar.com/
1938 - Found: https://freeflorida.org/0.gravatar.com/js/
1939 - Found: https://freeflorida.org/stats.wp.com/
1940 - Found: https://freeflorida.org/contact/
1941 - Found: https://freeflorida.org/secession/
1942 - Found: https://freeflorida.org/repeal/
1943 - Found: https://freeflorida.org/images/
1944 - Found: https://freeflorida.org/chipin/images/
1945 - Found: https://freeflorida.org/s7.addthis.com/
1946 - Found: https://freeflorida.org/s7.addthis.com/js/
1947 - Found: https://freeflorida.org/s7.addthis.com/js/300/
1948 + Searching open folders...
1949 - https://freeflorida.org/chipin/ (403 Forbidden)
1950 - https://freeflorida.org/archives/ (403 Forbidden)
1951 - https://freeflorida.org/widgets.wp.com/ (404 Not Found)
1952 - https://freeflorida.org/widgets.wp.com/likes/ (404 Not Found)
1953 - https://freeflorida.org/0.gravatar.com/ (404 Not Found)
1954 - https://freeflorida.org/0.gravatar.com/js/ (404 Not Found)
1955 - https://freeflorida.org/stats.wp.com/ (404 Not Found)
1956 - https://freeflorida.org/contact/ (No Open Folder)
1957 - https://freeflorida.org/secession/ (No Open Folder)
1958 - https://freeflorida.org/repeal/ (No Open Folder)
1959 - https://freeflorida.org/images/ (403 Forbidden)
1960 - https://freeflorida.org/chipin/images/ (403 Forbidden)
1961 - https://freeflorida.org/s7.addthis.com/ (404 Not Found)
1962 - https://freeflorida.org/s7.addthis.com/js/ (404 Not Found)
1963 - https://freeflorida.org/s7.addthis.com/js/300/ (404 Not Found)
1964 + Crawl finished successfully.
1965----------------------------------------------------------------------
1966Summary of https://https://freeflorida.org
1967----------------------------------------------------------------------
1968+ Links crawled:
1969 - Http://freeflorida.org
1970 - http://freeflorida.org
1971 - http://freeflorida.org/
1972 - http://freeflorida.org/Media-1.html
1973 - http://freeflorida.org/archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
1974 - http://freeflorida.org/archives/florida-politicians-play-sneaky-with-immigration.html
1975 - http://freeflorida.org/contact.html
1976 - http://freeflorida.org/corebeliefs.html
1977 - http://freeflorida.org/ffi.html
1978 - http://freeflorida.org/florida_republic.html
1979 - http://freeflorida.org/great_divide.html
1980 - http://freeflorida.org/index.html
1981 - http://freeflorida.org/islamic_invasion.html (404 Not Found)
1982 - http://freeflorida.org/kithandkin.html
1983 - http://freeflorida.org/league_theocracy.html
1984 - http://freeflorida.org/noliberty.html
1985 - http://freeflorida.org/reform.html
1986 - http://freeflorida.org/repeal/
1987 - http://freeflorida.org/secession/
1988 - http://freeflorida.org/southern_nation.html
1989 - http://freeflorida.org/states_rights1.html
1990 - http://freeflorida.org/states_rights2.html
1991 - http://freeflorida.org/states_rights3.html
1992 - http://freeflorida.org/states_rights4.html
1993 - http://freeflorida.org/strategy.html
1994 - http://freeflorida.org/thefederalflag.html
1995 - http://freeflorida.org/thepledge.html
1996 - http://freeflorida.org/whatistheleague.html
1997 - https://freeflorida.org
1998 - https://freeflorida.org/
1999 - https://freeflorida.org/0.gravatar.com/js/gprofiles.js?ver=201830y (404 Not Found)
2000 - https://freeflorida.org/Media-1.html
2001 - https://freeflorida.org/archives/florida-politicians-disrespect-will-of-voters-on-amendment-4.html
2002 - https://freeflorida.org/archives/florida-politicians-play-sneaky-with-immigration.html
2003 - https://freeflorida.org/c0.wp.com (404 Not Found)
2004 - https://freeflorida.org/chipin/join.html
2005 - https://freeflorida.org/chipin/support.html
2006 - https://freeflorida.org/code.jquery.com (404 Not Found)
2007 - https://freeflorida.org/confederatetn.wordpress.com (404 Not Found)
2008 - https://freeflorida.org/contact/form.php
2009 - https://freeflorida.org/fonts.googleapis.com (404 Not Found)
2010 - https://freeflorida.org/repeal/form.php
2011 - https://freeflorida.org/s.w.org (404 Not Found)
2012 - https://freeflorida.org/s0.wp.com (404 Not Found)
2013 - https://freeflorida.org/s1.wp.com (404 Not Found)
2014 - https://freeflorida.org/s2.wp.com (404 Not Found)
2015 - https://freeflorida.org/secession/form.php
2016 - https://freeflorida.org/stats.wp.com/w.js?56 (404 Not Found)
2017 - https://freeflorida.org/v0.wordpress.com (404 Not Found)
2018 - https://freeflorida.org/widgets.wp.com/likes/index.html?ver=20180319 (404 Not Found)
2019 Total links crawled: 50
2020
2021+ Links to files found:
2022 - http://freeflorida.org/images/FloridaFlagWallLogo.jpg?w=180
2023 - http://freeflorida.org/images/aboutbutton.jpg
2024 - http://freeflorida.org/images/apopka-1.jpg?w=300&h=201
2025 - http://freeflorida.org/images/bonnieblue.gif
2026 - http://freeflorida.org/images/bonnieblue.ico
2027 - http://freeflorida.org/images/contactbutton.jpg
2028 - http://freeflorida.org/images/delegateapplicationhershey.jpg
2029 - http://freeflorida.org/images/fllos%20logo.png
2030 - http://freeflorida.org/images/floridapin.gif
2031 - http://freeflorida.org/images/freemagnoliaad.jpg
2032 - http://freeflorida.org/images/header2.png
2033 - http://freeflorida.org/images/joinbutton.jpg
2034 - http://freeflorida.org/images/logo-goodsearch.jpg
2035 - http://freeflorida.org/images/sidestripjoinusbutton.png
2036 - http://freeflorida.org/images/sidestripjoinusbutton1.png
2037 - http://freeflorida.org/images/upperhome2.jpg
2038 - http://freeflorida.org/repeal/images/DuvalCourthouse3.jpg
2039 - http://freeflorida.org/repeal/images/facebook_icon.ico
2040 - http://freeflorida.org/www.goodsearch.com/badge.css
2041 - https://freeflorida.org/chipin/images/donate_now_button1.jpg
2042 - https://freeflorida.org/chipin/images/fllos logo.jpg
2043 - https://freeflorida.org/images/apopka-1.jpg
2044 - https://freeflorida.org/images/contactusbutton.jpg
2045 - https://freeflorida.org/images/fllos_logo.png
2046 - https://freeflorida.org/images/header4.png
2047 - https://freeflorida.org/images/joinnowbutton.jpg
2048 - https://freeflorida.org/images/officialsealforindex.jpg
2049 - https://freeflorida.org/images/upperhome.jpg
2050 - https://freeflorida.org/s7.addthis.com/js/300/addthis_widget.js
2051 Total links to files: 29
2052
2053+ Externals links found:
2054 - http://buysouthern.info/
2055 - http://chipin.freeflorida.org
2056 - http://coolchange.net/discussions/index.html
2057 - http://dixienet.org/
2058 - http://dixienet.org/rebellion/rebellion.html
2059 - http://gmpg.org/xfn/11
2060 - http://laws.findlaw.com/us/317/111.html
2061 - http://leagueofthesouth.com/
2062 - http://northfloridals.org/
2063 - http://phpfmg.sourceforge.net
2064 - http://s7.addthis.com/js/250/addthis_widget.js
2065 - http://southernnationalcongress.org/truths/what_is_states_rights_crane20101502.shtml
2066 - http://southernnationalcongress.org/truths/what_is_states_rights_crane_p2_20100103.shtml
2067 - http://southernnationalist.com/
2068 - http://thesnc.org/
2069 - http://thesnc.org/Florida/
2070 - http://www.buysouthern.info/
2071 - http://www.coffeecamp.org/
2072 - http://www.dixiebroadcasting.com/
2073 - http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFlorida-League-of-the-South%2F146323218769078&width=292&colorscheme=light&show_faces=false&border_color&stream=false&header=false&height=62
2074 - http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FRestoring-Floridas-Sovereignty-882663665236500&width=350&colorscheme=light&show_faces=false&border_color&stream=false&header=false&height=80
2075 - http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FRestoringFloridasSovereignty&width=350&colorscheme=light&show_faces=false&border_color&stream=false&header=false&height=80
2076 - http://www.formmail-maker.com
2077 - http://www.goodsearch.com/?charityid=826416
2078 - http://www.missourilos.org/whatistheleague.shtml
2079 - http://www.petitiononline.com/cripps/petition.html
2080 - http://www.petitiononline.com/union/petition.html
2081 - http://www.thesnc.org
2082 - http://www.thesnc.org/
2083 - http://www.thesnc.org/custpage.cfm?frm=10810&form=10810
2084 - https://c0.wp.com/c/5.2.4/wp-includes/css/dashicons.min.css
2085 - https://c0.wp.com/c/5.2.4/wp-includes/css/dist/block-library/style.min.css
2086 - https://c0.wp.com/c/5.2.4/wp-includes/js/jquery/jquery-migrate.min.js
2087 - https://c0.wp.com/c/5.2.4/wp-includes/js/jquery/jquery.js
2088 - https://c0.wp.com/c/5.2.4/wp-includes/js/jquery/ui/core.min.js
2089 - https://c0.wp.com/c/5.2.4/wp-includes/js/jquery/ui/datepicker.min.js
2090 - https://c0.wp.com/c/5.2.4/wp-includes/js/wp-embed.min.js
2091 - https://c0.wp.com/p/jetpack/7.3.2/_inc/genericons/genericons/genericons.css
2092 - https://c0.wp.com/p/jetpack/7.3.2/css/jetpack.css
2093 - https://c0.wp.com/p/woocommerce/3.6.4/assets/css/woocommerce-layout.css
2094 - https://c0.wp.com/p/woocommerce/3.6.4/assets/css/woocommerce-smallscreen.css
2095 - https://c0.wp.com/p/woocommerce/3.6.4/assets/css/woocommerce.css
2096 - https://c0.wp.com/p/woocommerce/3.6.4/assets/js/frontend/add-to-cart.min.js
2097 - https://c0.wp.com/p/woocommerce/3.6.4/assets/js/frontend/cart-fragments.min.js
2098 - https://c0.wp.com/p/woocommerce/3.6.4/assets/js/frontend/woocommerce.min.js
2099 - https://c0.wp.com/p/woocommerce/3.6.4/assets/js/jquery-blockui/jquery.blockUI.min.js
2100 - https://c0.wp.com/p/woocommerce/3.6.4/assets/js/js-cookie/js.cookie.min.js
2101 - https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css?ver=5.2.4
2102 - https://confederatetn.org/comments/feed/
2103 - https://confederatetn.org/feed/
2104 - https://confederatetn.org/osd.xml
2105 - https://confederatetn.wordpress.com/xmlrpc.php?rsd
2106 - https://connect.freeflorida.org
2107 - https://connect.freeflorida.org/
2108 - https://connect.freeflorida.org/about/
2109 - https://connect.freeflorida.org/about/feed/
2110 - https://connect.freeflorida.org/cart/
2111 - https://connect.freeflorida.org/comments/feed/
2112 - https://connect.freeflorida.org/feed/
2113 - https://connect.freeflorida.org/my-account/
2114 - https://connect.freeflorida.org/product-category/enrollment/
2115 - https://connect.freeflorida.org/product-category/merchandise/
2116 - https://connect.freeflorida.org/product-category/merchandise//
2117 - https://connect.freeflorida.org/product-category/promotional-literature/
2118 - https://connect.freeflorida.org/product/donate/
2119 - https://connect.freeflorida.org/wp-content/plugins/apply-online/public/css/applyonline-public.css?ver=1.9.94
2120 - https://connect.freeflorida.org/wp-content/plugins/apply-online/public/css/bootstrap.min.css?ver=1.9.94
2121 - https://connect.freeflorida.org/wp-content/plugins/apply-online/public/js/applyonline-public.js?ver=1.9.94
2122 - https://connect.freeflorida.org/wp-content/plugins/woo-gutenberg-products-block/build/style.css?ver=2.1.0
2123 - https://connect.freeflorida.org/wp-content/plugins/yith-donations-for-woocommerce/assets/css/ywcds_free_frontend.css?ver=1.1.5
2124 - https://connect.freeflorida.org/wp-content/plugins/yith-donations-for-woocommerce/assets/js/ywcds_free_frontend.min.js?ver=1.1.5
2125 - https://connect.freeflorida.org/wp-content/themes/tortuga/assets/css/custom-fonts.css?ver=20180413
2126 - https://connect.freeflorida.org/wp-content/themes/tortuga/assets/js/html5shiv.min.js?ver=3.7.3
2127 - https://connect.freeflorida.org/wp-content/themes/tortuga/assets/js/navigation.js?ver=20160719
2128 - https://connect.freeflorida.org/wp-content/themes/tortuga/style.css?ver=1.7.2
2129 - https://connect.freeflorida.org/wp-content/uploads/2019/05/cropped-bonnie-blue-180x180.jpg
2130 - https://connect.freeflorida.org/wp-content/uploads/2019/05/cropped-bonnie-blue-192x192.jpg
2131 - https://connect.freeflorida.org/wp-content/uploads/2019/05/cropped-bonnie-blue-32x32.jpg
2132 - https://connect.freeflorida.org/wp-content/uploads/2019/11/Florida-Flag-Wall-Logo-360px.jpg
2133 - https://connect.freeflorida.org/wp-includes/wlwmanifest.xml
2134 - https://connect.freeflorida.org/wp-json/
2135 - https://connect.freeflorida.org/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fconnect.freeflorida.org%2Fabout%2F
2136 - https://connect.freeflorida.org/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fconnect.freeflorida.org%2Fabout%2F&
2137 - https://connect.freeflorida.org/xmlrpc.php
2138 - https://connect.freeflorida.org/xmlrpc.php?rsd
2139 - https://docs.google.com/forms/d/1AQqQgD1J4513q1wJYSUaj55KNtonR3eSwWV0LO7clHU/viewform
2140 - https://fonts.googleapis.com/css?family=Work+Sans%3A800%7CKarla%3A400%2C400italic%2C700%2C700italic&
2141 - https://leagueofthesouth.com
2142 - https://lspanhandle.org/
2143 - https://pixel.wp.com/b.gif?v=noscript
2144 - https://platform.twitter.com/widgets.js?ver=20111117
2145 - https://r-login.wordpress.com/remote-login.php?action=js&host=confederatetn.org&id=140820469&t=1532779536&back=https%3A%2F%2Fconfederatetn.org%2F
2146 - https://s0.wp.com/_static/??-eJx9jVEKAjEMRC9kDVVB/RDP0u3GGmmbpcmyeHsrRaiI+zfDzJuBZTKes2JWSLOZ4hwoCwTMWKgGf+TWi2ygY/WOCQWmeYDII4q6ApR9rXhORvQZ8Yfp/hYaA6qAsCcXTbvrTYMJMmsLP2JtNSCbyN4pcf4y5hYdlTW04BA5VBmgtjr7hq7pYg/n4+5k7d4+Xv4NeSo=?cssminify=yes
2147 - https://s0.wp.com/_static/??-eJyVy0sOQEAMANALqcYvYSHOgmkmpWoyirg9WyuxfIuHZ4BxVSM1XHYIsnvWDe1kM4owSD/OA0cHgQmVDoqkjtWn05bgnxu+Hws58L0IxeutZ3VLm1V5WRVlU+fTDQ0qQ9Y=
2148 - https://s0.wp.com/_static/??/wp-content/mu-plugins/actionbar/actionbar.css,/wp-content/themes/h4/global.css?m=1516985148j&cssminify=yes
2149 - https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201948
2150 - https://s0.wp.com/wp-content/mu-plugins/carousel/jetpack-carousel.css?m=1524699534h&cssminify=yes
2151 - https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1530132353h&cssminify=yes
2152 - https://s1.wp.com/_static/??-eJyFkOsKwjAMhV/Irk4m7o/4LF2XjdT1YpNu6NNbhyLKphAISb4TTiKnINDpIbVA0uS4JIjXZyoMbeQvQFjso2IoLLoXrL1jcPxgrW9wAJEIoupzLy/q/AIXPLEFogwtTD8toRsRpr+YAQ5Kn0UEwhssHULh7Xn9A2sUTZ1vDGj+dhKG1KMjOWILXioi4Fkw1yHboaw42WNZ1YddXe6rrbkDYLSQ+w==
2153 - https://s1.wp.com/opensearch.xml
2154 - https://s1.wp.com/wp-content/mu-plugins/carousel/jetpack-carousel-ie8fix.css?m=1412618825h&
2155 - https://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1380573781h
2156 - https://s1.wp.com/wp-includes/wlwmanifest.xml
2157 - https://s2.wp.com/_static/??-eJx9j9EOwiAMRX9IRDSa7MH4LYxVx0ahWUuW/b3MRR/U8NLc25yb3uqZlEtRIIrGrCjkh4+sZ3IJFaMPsHy5vWPe6f+x4EdgPYCQdaN6uRru491HL8tH1GCXJih7JCsrgdB5CwGwYLUY0uWdWmVfilU7bb+2LU3ArMpEn1FJXw795ra1ptzqkDpgsZNmWQKs5A2v5nw6moNpTDM8ARbshzo=?cssminify=yes
2158 - https://s2.wp.com/_static/??-eJyVkEFuwzAMBD9UlUiT9BbkLbRMO7QlShUpJ/l95UPTogcDvi3InQFBuGfnkxiJwaTQ08Ke8uN90jf4s4rV5VBHFoXAMyl8Vap0Q+kDlY0yy8DC9nyF/127UWy6XDsIqSc1LICqZLqeI7jwiMZJ9nFjSB2GfYzOnF1gmd2QfFU38NYXsI8srmuGiGpUWnJpoVK4iX9nOw1W0M+6Bfn1GSv0ShttjyVVpQATWW5m9zNozDVeDuePz9PhfDyepm8ItMMz
2159 - https://s2.wp.com/_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1521806916j
2160 - https://s2.wp.com/wp-content/mu-plugins/global-print/global-print.css?m=1465851035h&cssminify=yes
2161 - https://s2.wp.com/wp-content/mu-plugins/highlander-comments/style-ie7.css?m=1351637563h&
2162 - https://s2.wp.com/wp-content/mu-plugins/tiled-gallery/tiled-gallery.css?m=1443731146h&cssminify=yes
2163 - https://stats.wp.com/e-201948.js
2164 - https://stats.wp.com/s-201948.js
2165 - https://thefreemagnolia.com/
2166 - https://themezee.com/themes/tortuga/
2167 - https://wp.me/9wRPT
2168 - https://wp.me/PaODrl-2
2169 - https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Ffreeflorida.org&width=300&layout=standard&action=like&size=large&show_faces=true&share=true&height=80&appId
2170 - https://www.facebook.com/sharer/sharer.php?u=http://freeflorida.org/repeal/index.html
2171 - https://www.flsenate.gov/Session/Bill/2019/00168/?Tab=Amendments
2172 - https://www.goodsearch.com/register
2173 - https://www.goodsearch.org/?charityid=826416
2174 - https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
2175 - https://www.paypalobjects.com/en_US/i/scr/pixel.gif
2176 - https://www.youtube.com/embed/0qbhnmGoQGc
2177 - https://www.youtube.com/embed/Fb8WGZXxi2c
2178 - https://www.youtube.com/embed/FgWbhmpNVe0
2179 - https://www.youtube.com/embed/QkSozbGsonE
2180 - https://www.youtube.com/embed/RGcZnM0dq-c
2181 - https://www.youtube.com/embed/Wh8I9kcgMCE
2182 - https://www.youtube.com/embed/jyV-hkoPLdA
2183 - https://www.youtube.com/embed/sJz9ZpQYsLA
2184 Total external links: 130
2185
2186+ Email addresses found:
2187 Total email address found: 0
2188
2189+ Directories found:
2190 - https://freeflorida.org/0.gravatar.com/ (404 Not Found)
2191 - https://freeflorida.org/0.gravatar.com/js/ (404 Not Found)
2192 - https://freeflorida.org/archives/ (403 Forbidden)
2193 - https://freeflorida.org/chipin/ (403 Forbidden)
2194 - https://freeflorida.org/chipin/images/ (403 Forbidden)
2195 - https://freeflorida.org/contact/ (No open folder)
2196 - https://freeflorida.org/images/ (403 Forbidden)
2197 - https://freeflorida.org/repeal/ (No open folder)
2198 - https://freeflorida.org/s7.addthis.com/ (404 Not Found)
2199 - https://freeflorida.org/s7.addthis.com/js/ (404 Not Found)
2200 - https://freeflorida.org/s7.addthis.com/js/300/ (404 Not Found)
2201 - https://freeflorida.org/secession/ (No open folder)
2202 - https://freeflorida.org/stats.wp.com/ (404 Not Found)
2203 - https://freeflorida.org/widgets.wp.com/ (404 Not Found)
2204 - https://freeflorida.org/widgets.wp.com/likes/ (404 Not Found)
2205 Total directories: 15
2206
2207+ Directory indexing found:
2208 Total directories with indexing: 0
2209
2210----------------------------------------------------------------------
2211
2212
2213 + URL to crawl: https://www.freeflorida.org.
2214 + Date: 2019-11-25
2215
2216 + Crawling URL: https://www.freeflorida.org.:
2217 + Links:
2218 + Crawling https://www.freeflorida.org.
2219 + Searching for directories...
2220 + Searching open folders...
2221
2222
2223 + URL to crawl: https://ftp.freeflorida.org.
2224 + Date: 2019-11-25
2225
2226 + Crawling URL: https://ftp.freeflorida.org.:
2227 + Links:
2228 + Crawling https://ftp.freeflorida.org.
2229 + Searching for directories...
2230 + Searching open folders...
2231
2232
2233 + URL to crawl: https://webmail.freeflorida.org.
2234 + Date: 2019-11-25
2235
2236 + Crawling URL: https://webmail.freeflorida.org.:
2237 + Links:
2238 + Crawling https://webmail.freeflorida.org.
2239 + Searching for directories...
2240 + Searching open folders...
2241
2242--Finished--
2243Summary information for domain freeflorida.org.
2244-----------------------------------------
2245 Domain Specific Information:
2246 Email: info@freeflorida.org
2247
2248 Domain Ips Information:
2249 IP: 192.185.138.16
2250 HostName: ns903.websitewelcome.com Type: NS
2251 HostName: ns903.websitewelcome.com Type: PTR
2252 Country: United States
2253 Is Active: True (reset ttl 64)
2254 IP: 192.185.138.160
2255 HostName: ns904.websitewelcome.com Type: NS
2256 HostName: ns904.websitewelcome.com Type: PTR
2257 Country: United States
2258 Is Active: True (reset ttl 64)
2259 Port: 53/tcp open domain syn-ack ttl 46 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
2260 Script Info: | dns-nsid:
2261 Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
2262 Port: 80/tcp open http syn-ack ttl 47 Apache httpd
2263 Script Info: |_http-favicon: Unknown favicon MD5: A8063BD37D3C8FB3176A6BF140558A4D
2264 Script Info: | http-methods:
2265 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2266 Script Info: |_http-server-header: Apache
2267 Script Info: | http-title: 404 - PAGE NOT FOUND
2268 Script Info: |_Requested resource was /404.html
2269 Script Info: |_http-trane-info: Problem with XML parsing of /evox/about
2270 Port: 110/tcp open pop3 syn-ack ttl 47 Dovecot pop3d
2271 Script Info: |_pop3-capabilities: SASL(PLAIN LOGIN) STLS UIDL TOP USER CAPA PIPELINING RESP-CODES AUTH-RESP-CODE
2272 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2273 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2274 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2275 Script Info: | Public Key type: rsa
2276 Script Info: | Public Key bits: 2048
2277 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2278 Script Info: | Not valid before: 2018-10-15T00:00:00
2279 Script Info: | Not valid after: 2020-10-21T23:59:59
2280 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2281 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2282 Script Info: |_ssl-date: 2019-11-25T18:51:48+00:00; -1s from scanner time.
2283 Port: 143/tcp open imap syn-ack ttl 46 Dovecot imapd
2284 Script Info: |_imap-capabilities: Pre-login IMAP4rev1 more OK capabilities NAMESPACE AUTH=PLAIN AUTH=LOGINA0001 ID LOGIN-REFERRALS ENABLE post-login IDLE have STARTTLS LITERAL+ SASL-IR listed
2285 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2286 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2287 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2288 Script Info: | Public Key type: rsa
2289 Script Info: | Public Key bits: 2048
2290 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2291 Script Info: | Not valid before: 2018-10-15T00:00:00
2292 Script Info: | Not valid after: 2020-10-21T23:59:59
2293 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2294 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2295 Script Info: |_ssl-date: 2019-11-25T18:51:48+00:00; -1s from scanner time.
2296 Port: 443/tcp open ssl/http syn-ack ttl 46 Apache httpd
2297 Script Info: |_http-favicon: Unknown favicon MD5: A8063BD37D3C8FB3176A6BF140558A4D
2298 Script Info: | http-methods:
2299 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2300 Script Info: |_http-server-header: Apache
2301 Script Info: | http-title: 404 - PAGE NOT FOUND
2302 Script Info: |_Requested resource was /404.html
2303 Script Info: |_http-trane-info: Problem with XML parsing of /evox/about
2304 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2305 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2306 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2307 Script Info: | Public Key type: rsa
2308 Script Info: | Public Key bits: 2048
2309 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2310 Script Info: | Not valid before: 2018-10-15T00:00:00
2311 Script Info: | Not valid after: 2020-10-21T23:59:59
2312 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2313 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2314 Script Info: |_ssl-date: TLS randomness does not represent time
2315 Script Info: | tls-alpn:
2316 Script Info: | h2
2317 Script Info: |_ http/1.1
2318 Port: 993/tcp open ssl/imap syn-ack ttl 46 Dovecot imapd
2319 Script Info: |_imap-capabilities: Pre-login IMAP4rev1 more OK capabilities NAMESPACE AUTH=PLAIN AUTH=LOGINA0001 ID LOGIN-REFERRALS ENABLE post-login IDLE have SASL-IR LITERAL+ listed
2320 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2321 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2322 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2323 Script Info: | Public Key type: rsa
2324 Script Info: | Public Key bits: 2048
2325 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2326 Script Info: | Not valid before: 2018-10-15T00:00:00
2327 Script Info: | Not valid after: 2020-10-21T23:59:59
2328 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2329 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2330 Script Info: |_ssl-date: 2019-11-25T18:51:48+00:00; 0s from scanner time.
2331 Port: 995/tcp open ssl/pop3 syn-ack ttl 46 Dovecot pop3d
2332 Script Info: |_pop3-capabilities: AUTH-RESP-CODE USER CAPA SASL(PLAIN LOGIN) PIPELINING UIDL TOP RESP-CODES
2333 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2334 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2335 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2336 Script Info: | Public Key type: rsa
2337 Script Info: | Public Key bits: 2048
2338 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2339 Script Info: | Not valid before: 2018-10-15T00:00:00
2340 Script Info: | Not valid after: 2020-10-21T23:59:59
2341 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2342 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2343 Script Info: |_ssl-date: 2019-11-25T18:51:48+00:00; 0s from scanner time.
2344 Port: 3306/tcp open mysql syn-ack ttl 46 MySQL 5.6.41-84.1
2345 Script Info: | mysql-info:
2346 Script Info: | Protocol: 10
2347 Script Info: | Version: 5.6.41-84.1
2348 Script Info: | Thread ID: 8650589
2349 Script Info: | Capabilities flags: 65535
2350 Script Info: | Some Capabilities: FoundRows, Support41Auth, Speaks41ProtocolNew, LongColumnFlag, ODBCClient, LongPassword, Speaks41ProtocolOld, SwitchToSSLAfterHandshake, IgnoreSigpipes, ConnectWithDatabase, InteractiveClient, SupportsCompression, SupportsTransactions, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
2351 Script Info: | Status: Autocommit
2352 Script Info: | Salt: .,4`geDcGwC'8&QHSGM-
2353 Script Info: |_ Auth Plugin Name: mysql_native_password
2354 Script Info: | vulners:
2355 Script Info: | MySQL 5.6.41-84.1:
2356 Script Info: |_ NODEJS:602 0.0 https://vulners.com/nodejs/NODEJS:602
2357 Os Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
2358 IP: 192.185.138.18
2359 HostName: freeflorida.org Type: MX
2360 HostName: 192-185-138-18.unifiedlayer.com Type: PTR
2361 HostName: www.freeflorida.org. Type: A
2362 HostName: ftp.freeflorida.org. Type: A
2363 HostName: mail.freeflorida.org. Type: A
2364 HostName: webmail.freeflorida.org. Type: A
2365 Country: United States
2366 Is Active: True (reset ttl 64)
2367 Port: 53/tcp open domain syn-ack ttl 46 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
2368 Script Info: | dns-nsid:
2369 Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
2370 Port: 80/tcp open http syn-ack ttl 46 Apache httpd
2371 Script Info: |_http-favicon: Unknown favicon MD5: A8063BD37D3C8FB3176A6BF140558A4D
2372 Script Info: | http-methods:
2373 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2374 Script Info: |_http-server-header: Apache
2375 Script Info: | http-title: 404 - PAGE NOT FOUND
2376 Script Info: |_Requested resource was /404.html
2377 Script Info: |_http-trane-info: Problem with XML parsing of /evox/about
2378 Port: 110/tcp open pop3 syn-ack ttl 47 Dovecot pop3d
2379 Script Info: |_pop3-capabilities: UIDL TOP AUTH-RESP-CODE SASL(PLAIN LOGIN) PIPELINING CAPA USER STLS RESP-CODES
2380 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2381 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2382 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2383 Script Info: | Public Key type: rsa
2384 Script Info: | Public Key bits: 2048
2385 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2386 Script Info: | Not valid before: 2018-10-15T00:00:00
2387 Script Info: | Not valid after: 2020-10-21T23:59:59
2388 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2389 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2390 Script Info: |_ssl-date: 2019-11-25T18:52:22+00:00; 0s from scanner time.
2391 Port: 143/tcp open imap syn-ack ttl 46 Dovecot imapd
2392 Script Info: |_imap-capabilities: post-login listed NAMESPACE have SASL-IR more IDLE IMAP4rev1 LOGIN-REFERRALS ENABLE STARTTLS AUTH=PLAIN LITERAL+ OK ID Pre-login capabilities AUTH=LOGINA0001
2393 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2394 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2395 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2396 Script Info: | Public Key type: rsa
2397 Script Info: | Public Key bits: 2048
2398 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2399 Script Info: | Not valid before: 2018-10-15T00:00:00
2400 Script Info: | Not valid after: 2020-10-21T23:59:59
2401 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2402 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2403 Script Info: |_ssl-date: 2019-11-25T18:52:22+00:00; 0s from scanner time.
2404 Port: 443/tcp open ssl/http syn-ack ttl 47 Apache httpd
2405 Script Info: |_http-favicon: Unknown favicon MD5: A8063BD37D3C8FB3176A6BF140558A4D
2406 Script Info: | http-methods:
2407 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2408 Script Info: |_http-server-header: Apache
2409 Script Info: | http-title: 404 - PAGE NOT FOUND
2410 Script Info: |_Requested resource was /404.html
2411 Script Info: |_http-trane-info: Problem with XML parsing of /evox/about
2412 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2413 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2414 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2415 Script Info: | Public Key type: rsa
2416 Script Info: | Public Key bits: 2048
2417 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2418 Script Info: | Not valid before: 2018-10-15T00:00:00
2419 Script Info: | Not valid after: 2020-10-21T23:59:59
2420 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2421 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2422 Script Info: |_ssl-date: TLS randomness does not represent time
2423 Script Info: | tls-alpn:
2424 Script Info: | h2
2425 Script Info: |_ http/1.1
2426 Port: 465/tcp open ssl/smtps? syn-ack ttl 46
2427 Script Info: | smtp-commands: trailblazer.websitewelcome.com Hello nmap.scanme.org [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
2428 Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2429 Port: 587/tcp open smtp syn-ack ttl 47 Exim smtpd 4.92
2430 Script Info: | smtp-commands: trailblazer.websitewelcome.com Hello nmap.scanme.org [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
2431 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2432 Script Info: | vulners:
2433 Script Info: | cpe:/a:exim:exim:4.92:
2434 Script Info: | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
2435 Script Info: | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
2436 Script Info: |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
2437 Port: 993/tcp open ssl/imap syn-ack ttl 47 Dovecot imapd
2438 Script Info: |_imap-capabilities: post-login listed NAMESPACE have AUTH=LOGINA0001 IDLE IMAP4rev1 LOGIN-REFERRALS ENABLE more AUTH=PLAIN LITERAL+ OK ID Pre-login capabilities SASL-IR
2439 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2440 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2441 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2442 Script Info: | Public Key type: rsa
2443 Script Info: | Public Key bits: 2048
2444 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2445 Script Info: | Not valid before: 2018-10-15T00:00:00
2446 Script Info: | Not valid after: 2020-10-21T23:59:59
2447 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2448 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2449 Script Info: |_ssl-date: 2019-11-25T18:52:22+00:00; 0s from scanner time.
2450 Port: 995/tcp open ssl/pop3 syn-ack ttl 46 Dovecot pop3d
2451 Script Info: |_pop3-capabilities: TOP PIPELINING UIDL CAPA AUTH-RESP-CODE USER SASL(PLAIN LOGIN) RESP-CODES
2452 Script Info: | ssl-cert: Subject: commonName=*.websitewelcome.com
2453 Script Info: | Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2454 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
2455 Script Info: | Public Key type: rsa
2456 Script Info: | Public Key bits: 2048
2457 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2458 Script Info: | Not valid before: 2018-10-15T00:00:00
2459 Script Info: | Not valid after: 2020-10-21T23:59:59
2460 Script Info: | MD5: b981 fa74 cae8 343b edda 9f8b 6716 bfcb
2461 Script Info: |_SHA-1: c79a 1785 5dc8 ad73 1c7b 0dae 8d54 e2c0 a825 57bc
2462 Script Info: |_ssl-date: 2019-11-25T18:52:22+00:00; 0s from scanner time.
2463 Port: 3306/tcp open mysql syn-ack ttl 47 MySQL 5.6.41-84.1
2464 Script Info: | mysql-info:
2465 Script Info: | Protocol: 10
2466 Script Info: | Version: 5.6.41-84.1
2467 Script Info: | Thread ID: 8650746
2468 Script Info: | Capabilities flags: 65535
2469 Script Info: | Some Capabilities: Support41Auth, InteractiveClient, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, SupportsTransactions, Speaks41ProtocolNew, LongPassword, SwitchToSSLAfterHandshake, IgnoreSpaceBeforeParenthesis, SupportsLoadDataLocal, IgnoreSigpipes, SupportsCompression, ODBCClient, ConnectWithDatabase, LongColumnFlag, FoundRows, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
2470 Script Info: | Status: Autocommit
2471 Script Info: | Salt: c+Fa5%Vaf[tZBzddHzNY
2472 Script Info: |_ Auth Plugin Name: mysql_native_password
2473 Script Info: | vulners:
2474 Script Info: | MySQL 5.6.41-84.1:
2475 Script Info: |_ NODEJS:602 0.0 https://vulners.com/nodejs/NODEJS:602
2476 Os Info: Host: trailblazer.websitewelcome.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
2477#######################################################################################################################################
2478traceroute to freeflorida.org (192.185.138.18), 30 hops max, 60 byte packets
2479 1 10.251.204.1 (10.251.204.1) 22.652 ms 51.452 ms 70.125 ms
2480 2 vlan102.as02.qc1.ca.m247.com (176.113.74.17) 70.162 ms 70.162 ms 70.075 ms
2481 3 irb-0.agg1.qc1.ca.m247.com (37.120.128.168) 129.905 ms 129.914 ms 129.881 ms
2482 4 te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44) 70.046 ms 70.078 ms 70.045 ms
2483 5 ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98) 70.015 ms 69.931 ms 69.936 ms
2484 6 if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26) 69.995 ms 32.177 ms 27.711 ms
2485 7 if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90) 55.503 ms 55.432 ms 55.433 ms
2486 8 if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58) 55.464 ms 72.848 ms 72.850 ms
2487 9 if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21) 54.958 ms 55.264 ms 55.322 ms
248810 if-ae-7-5.tcore1.nto-new-york.as6453.net (63.243.128.141) 72.760 ms 72.693 ms if-ae-7-2.tcore1.nto-new-york.as6453.net (63.243.128.25) 55.315 ms
248911 if-ae-9-2.tcore1.n75-new-york.as6453.net (63.243.128.122) 72.731 ms 72.738 ms 72.681 ms
249012 66.110.96.146 (66.110.96.146) 64.830 ms 66.110.96.138 (66.110.96.138) 98.793 ms 31.101 ms
249113 be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89) 118.820 ms 118.812 ms 58.973 ms
249214 be-10203-cr01.newark.nj.ibone.comcast.net (68.86.85.185) 118.737 ms 118.709 ms 118.661 ms
249315 be-10102-cr02.ashburn.va.ibone.comcast.net (68.86.85.161) 38.614 ms 135.372 ms 73.585 ms
249416 be-10114-cr02.56marietta.ga.ibone.comcast.net (68.86.85.10) 135.349 ms 135.288 ms 135.270 ms
249517 be-11423-cr01.houston.tx.ibone.comcast.net (68.86.85.22) 135.238 ms 135.207 ms 135.172 ms
249618 be-12393-pe01.westwaypark.tx.ibone.comcast.net (68.86.82.130) 63.549 ms 121.871 ms 184.215 ms
249719 as8075-1.2001sixthave.wa.ibone.comcast.net (75.149.230.54) 184.218 ms 184.279 ms 184.233 ms
249820 216.117.50.150 (216.117.50.150) 184.129 ms 91.087 ms 201.207 ms
249921 po101.router2a.hou1.net.unifiedlayer.com (162.241.0.7) 201.159 ms 201.034 ms 201.021 ms
250022 162-241-144-61.unifiedlayer.com (162.241.144.61) 201.017 ms 200.967 ms 162-241-144-63.unifiedlayer.com (162.241.144.63) 133.975 ms
250123 192-185-138-18.unifiedlayer.com (192.185.138.18) 200.923 ms 67.761 ms 127.471 ms
2502#######################################################################################################################################
2503----- freeflorida.org -----
2504
2505
2506Host's addresses:
2507__________________
2508
2509freeflorida.org. 60 IN A 192.185.138.18
2510
2511
2512Name Servers:
2513______________
2514
2515ns903.websitewelcome.com. 84875 IN A 192.185.138.16
2516ns904.websitewelcome.com. 84875 IN A 192.185.138.160
2517
2518
2519Mail (MX) Servers:
2520___________________
2521
2522freeflorida.org. 60 IN A 192.185.138.18
2523
2524
2525Trying Zone Transfers and getting Bind Versions:
2526_________________________________________________
2527
2528
2529
2530Google Results:
2531________________
2532
2533 perhaps Google is blocking our queries.
2534 Check manually.
2535
2536
2537Brute forcing with /usr/share/dnsenum/dns.txt:
2538_______________________________________________
2539
2540ftp.freeflorida.org. 13118 IN CNAME freeflorida.org.
2541freeflorida.org. 60 IN A 192.185.138.18
2542mail.freeflorida.org. 60 IN CNAME freeflorida.org.
2543freeflorida.org. 60 IN A 192.185.138.18
2544webmail.freeflorida.org. 60 IN A 192.185.138.18
2545www.freeflorida.org. 60 IN CNAME freeflorida.org.
2546freeflorida.org. 60 IN A 192.185.138.18
2547
2548
2549Launching Whois Queries:
2550_________________________
2551
2552 whois ip result: 192.185.138.0 -> 192.185.0.0/16
2553
2554
2555freeflorida.org_______________
2556
2557 192.185.0.0/16
2558#######################################################################################################################################
2559Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 14:17 EST
2560Nmap scan report for freeflorida.org (192.185.138.18)
2561Host is up (0.077s latency).
2562rDNS record for 192.185.138.18: 192-185-138-18.unifiedlayer.com
2563Not shown: 986 closed ports
2564PORT STATE SERVICE
256521/tcp open ftp
256622/tcp filtered ssh
256726/tcp open rsftp
256853/tcp open domain
256980/tcp open http
2570110/tcp open pop3
2571143/tcp open imap
2572443/tcp open https
2573465/tcp open smtps
2574587/tcp open submission
2575993/tcp open imaps
2576995/tcp open pop3s
25772222/tcp open EtherNetIP-1
25783306/tcp open mysql
2579
2580Host script results:
2581| dns-brute:
2582| DNS Brute-force hostnames:
2583| mail.freeflorida.org - 192.185.138.18
2584| ftp.freeflorida.org - 192.185.138.18
2585|_ www.freeflorida.org - 192.185.138.18
2586#######################################################################################################################################
2587Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 14:15 EST
2588Nmap scan report for freeflorida.org (192.185.138.18)
2589Host is up (0.079s latency).
2590rDNS record for 192.185.138.18: 192-185-138-18.unifiedlayer.com
2591Not shown: 982 closed ports
2592PORT STATE SERVICE
259321/tcp open ftp
259422/tcp filtered ssh
259525/tcp filtered smtp
259626/tcp open rsftp
259753/tcp open domain
259880/tcp open http
2599110/tcp open pop3
2600135/tcp filtered msrpc
2601139/tcp filtered netbios-ssn
2602143/tcp open imap
2603443/tcp open https
2604445/tcp filtered microsoft-ds
2605465/tcp open smtps
2606587/tcp open submission
2607993/tcp open imaps
2608995/tcp open pop3s
26092222/tcp open EtherNetIP-1
26103306/tcp open mysql
2611#######################################################################################################################################
2612WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
2613Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 13:41 EST
2614Nmap scan report for 192-185-138-18.unifiedlayer.com (192.185.138.18)
2615Host is up (0.11s latency).
2616Not shown: 483 closed ports, 1 filtered port
2617Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2618PORT STATE SERVICE
261921/tcp open ftp
262053/tcp open domain
262180/tcp open http
2622110/tcp open pop3
2623143/tcp open imap
2624443/tcp open https
2625465/tcp open smtps
2626587/tcp open submission
2627993/tcp open imaps
2628995/tcp open pop3s
26292222/tcp open EtherNetIP-1
26303306/tcp open mysql
2631
2632Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds
2633#######################################################################################################################################
2634Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 13:41 EST
2635Nmap scan report for 192-185-138-18.unifiedlayer.com (192.185.138.18)
2636Host is up (0.080s latency).
2637Not shown: 12 closed ports, 2 filtered ports
2638PORT STATE SERVICE
263953/udp open domain
2640
2641Nmap done: 1 IP address (1 host up) scanned in 7.02 seconds
2642#######################################################################################################################################
2643Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 14:09 EST
2644Nmap scan report for 192-185-138-18.unifiedlayer.com (192.185.138.18)
2645Host is up (0.082s latency).
2646Not shown: 986 closed ports
2647PORT STATE SERVICE VERSION
264821/tcp open ftp Pure-FTPd
2649| ssl-cert: Subject: commonName=*.websitewelcome.com
2650| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2651| Not valid before: 2018-10-15T00:00:00
2652|_Not valid after: 2020-10-21T23:59:59
2653|_ssl-date: 2019-11-25T19:10:29+00:00; 0s from scanner time.
265422/tcp filtered ssh
265526/tcp open smtp Exim smtpd 4.92
2656| smtp-commands: trailblazer.websitewelcome.com Hello 192-185-138-18.unifiedlayer.com [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
2657|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2658| vulners:
2659| cpe:/a:exim:exim:4.92:
2660| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
2661| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
2662|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
266353/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
2664| dns-nsid:
2665|_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
266680/tcp open http Apache httpd
2667|_http-server-header: Apache
2668110/tcp open pop3 Dovecot pop3d
2669|_pop3-capabilities: UIDL STLS USER SASL(PLAIN LOGIN) CAPA AUTH-RESP-CODE TOP PIPELINING RESP-CODES
2670| ssl-cert: Subject: commonName=*.websitewelcome.com
2671| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2672| Not valid before: 2018-10-15T00:00:00
2673|_Not valid after: 2020-10-21T23:59:59
2674|_ssl-date: 2019-11-25T19:10:30+00:00; 0s from scanner time.
2675143/tcp open imap Dovecot imapd
2676|_imap-capabilities: IDLE AUTH=PLAIN post-login LITERAL+ NAMESPACE ENABLE OK AUTH=LOGINA0001 more SASL-IR capabilities listed STARTTLS have ID Pre-login IMAP4rev1 LOGIN-REFERRALS
2677| ssl-cert: Subject: commonName=*.websitewelcome.com
2678| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2679| Not valid before: 2018-10-15T00:00:00
2680|_Not valid after: 2020-10-21T23:59:59
2681|_ssl-date: 2019-11-25T19:10:29+00:00; 0s from scanner time.
2682443/tcp open ssl/http Apache httpd
2683|_http-server-header: Apache
2684| ssl-cert: Subject: commonName=*.websitewelcome.com
2685| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2686| Not valid before: 2018-10-15T00:00:00
2687|_Not valid after: 2020-10-21T23:59:59
2688|_ssl-date: TLS randomness does not represent time
2689| tls-alpn:
2690| h2
2691|_ http/1.1
2692465/tcp open ssl/smtp Exim smtpd 4.92
2693| smtp-commands: trailblazer.websitewelcome.com Hello 192-185-138-18.unifiedlayer.com [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
2694|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2695| vulners:
2696| cpe:/a:exim:exim:4.92:
2697| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
2698| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
2699|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
2700587/tcp open smtp Exim smtpd 4.92
2701| smtp-commands: trailblazer.websitewelcome.com Hello 192-185-138-18.unifiedlayer.com [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
2702|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2703| vulners:
2704| cpe:/a:exim:exim:4.92:
2705| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
2706| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
2707|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
2708993/tcp open ssl/imap Dovecot imapd
2709| ssl-cert: Subject: commonName=*.websitewelcome.com
2710| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2711| Not valid before: 2018-10-15T00:00:00
2712|_Not valid after: 2020-10-21T23:59:59
2713|_ssl-date: 2019-11-25T19:10:28+00:00; 0s from scanner time.
2714995/tcp open ssl/pop3 Dovecot pop3d
2715|_pop3-capabilities: UIDL PIPELINING TOP USER SASL(PLAIN LOGIN) AUTH-RESP-CODE RESP-CODES CAPA
2716| ssl-cert: Subject: commonName=*.websitewelcome.com
2717| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2718| Not valid before: 2018-10-15T00:00:00
2719|_Not valid after: 2020-10-21T23:59:59
2720|_ssl-date: 2019-11-25T19:10:28+00:00; 0s from scanner time.
27212222/tcp open ssh OpenSSH 5.3 (protocol 2.0)
2722| ssh-hostkey:
2723| 1024 16:f9:22:be:6b:78:1c:99:82:e4:12:05:9c:6e:34:83 (DSA)
2724|_ 2048 bd:05:bb:90:9f:d6:56:b1:71:15:ee:b2:90:46:ce:75 (RSA)
2725| vulners:
2726| cpe:/a:openbsd:openssh:5.3:
2727| CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
2728| CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
2729| CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
2730| CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
2731| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
2732| CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
2733| CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
2734| CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
2735| CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
2736|_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
27373306/tcp open mysql MySQL 5.6.41-84.1
2738| mysql-info:
2739| Protocol: 10
2740| Version: 5.6.41-84.1
2741| Thread ID: 8655995
2742| Capabilities flags: 65535
2743| Some Capabilities: Support41Auth, Speaks41ProtocolOld, LongColumnFlag, DontAllowDatabaseTableColumn, SupportsTransactions, FoundRows, ConnectWithDatabase, ODBCClient, SwitchToSSLAfterHandshake, Speaks41ProtocolNew, IgnoreSpaceBeforeParenthesis, LongPassword, SupportsCompression, SupportsLoadDataLocal, InteractiveClient, IgnoreSigpipes, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
2744| Status: Autocommit
2745| Salt: W(`.a"#(?E{_J3]]=W|/
2746|_ Auth Plugin Name: mysql_native_password
2747| vulners:
2748| MySQL 5.6.41-84.1:
2749|_ NODEJS:602 0.0 https://vulners.com/nodejs/NODEJS:602
2750Device type: VoIP adapter
2751Running: Cisco embedded
2752OS CPE: cpe:/h:cisco:unified_call_manager
2753OS details: Cisco Unified Communications Manager VoIP adapter
2754Network Distance: 23 hops
2755Service Info: Host: trailblazer.websitewelcome.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
2756#######################################################################################################################################
2757Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 14:12 EST
2758Nmap scan report for 192-185-138-18.unifiedlayer.com (192.185.138.18)
2759Host is up (0.075s latency).
2760Not shown: 986 closed ports
2761PORT STATE SERVICE VERSION
276221/tcp open ftp Pure-FTPd
2763| ssl-cert: Subject: commonName=*.websitewelcome.com
2764| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2765| Not valid before: 2018-10-15T00:00:00
2766|_Not valid after: 2020-10-21T23:59:59
2767|_ssl-date: 2019-11-25T19:12:39+00:00; -1s from scanner time.
276822/tcp filtered ssh
276926/tcp open smtp Exim smtpd 4.92
2770|_smtp-commands: Couldn't establish connection on port 26
2771| vulners:
2772| cpe:/a:exim:exim:4.92:
2773| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
2774| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
2775|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
277653/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
2777| dns-nsid:
2778|_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
277980/tcp open http Apache httpd
2780|_http-server-header: Apache
2781110/tcp open pop3 Dovecot pop3d
2782|_pop3-capabilities: AUTH-RESP-CODE STLS TOP USER PIPELINING UIDL RESP-CODES SASL(PLAIN LOGIN) CAPA
2783| ssl-cert: Subject: commonName=*.websitewelcome.com
2784| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2785| Not valid before: 2018-10-15T00:00:00
2786|_Not valid after: 2020-10-21T23:59:59
2787|_ssl-date: 2019-11-25T19:12:41+00:00; 0s from scanner time.
2788143/tcp open imap Dovecot imapd
2789|_imap-capabilities: IMAP4rev1 LOGIN-REFERRALS LITERAL+ post-login listed STARTTLS NAMESPACE AUTH=PLAIN Pre-login SASL-IR IDLE ID more ENABLE OK have capabilities AUTH=LOGINA0001
2790| ssl-cert: Subject: commonName=*.websitewelcome.com
2791| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2792| Not valid before: 2018-10-15T00:00:00
2793|_Not valid after: 2020-10-21T23:59:59
2794|_ssl-date: 2019-11-25T19:12:40+00:00; 0s from scanner time.
2795443/tcp open ssl/http Apache httpd
2796|_http-server-header: Apache
2797| ssl-cert: Subject: commonName=*.websitewelcome.com
2798| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2799| Not valid before: 2018-10-15T00:00:00
2800|_Not valid after: 2020-10-21T23:59:59
2801|_ssl-date: TLS randomness does not represent time
2802| tls-alpn:
2803| h2
2804|_ http/1.1
2805465/tcp open ssl/smtps?
2806| smtp-commands: trailblazer.websitewelcome.com Hello 192-185-138-18.unifiedlayer.com [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
2807|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2808587/tcp open smtp Exim smtpd 4.92
2809| smtp-commands: trailblazer.websitewelcome.com Hello 192-185-138-18.unifiedlayer.com [176.113.74.133], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
2810|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2811| vulners:
2812| cpe:/a:exim:exim:4.92:
2813| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
2814| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
2815|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
2816993/tcp open ssl/imap Dovecot imapd
2817|_imap-capabilities: capabilities LOGIN-REFERRALS LITERAL+ post-login listed NAMESPACE AUTH=PLAIN Pre-login SASL-IR IDLE ID more ENABLE OK have IMAP4rev1 AUTH=LOGINA0001
2818| ssl-cert: Subject: commonName=*.websitewelcome.com
2819| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2820| Not valid before: 2018-10-15T00:00:00
2821|_Not valid after: 2020-10-21T23:59:59
2822|_ssl-date: 2019-11-25T19:12:39+00:00; 0s from scanner time.
2823995/tcp open ssl/pop3 Dovecot pop3d
2824|_pop3-capabilities: AUTH-RESP-CODE PIPELINING SASL(PLAIN LOGIN) TOP UIDL RESP-CODES USER CAPA
2825| ssl-cert: Subject: commonName=*.websitewelcome.com
2826| Subject Alternative Name: DNS:*.websitewelcome.com, DNS:websitewelcome.com
2827| Not valid before: 2018-10-15T00:00:00
2828|_Not valid after: 2020-10-21T23:59:59
2829|_ssl-date: 2019-11-25T19:12:39+00:00; 0s from scanner time.
28302222/tcp open ssh OpenSSH 5.3 (protocol 2.0)
2831| ssh-hostkey:
2832| 1024 16:f9:22:be:6b:78:1c:99:82:e4:12:05:9c:6e:34:83 (DSA)
2833|_ 2048 bd:05:bb:90:9f:d6:56:b1:71:15:ee:b2:90:46:ce:75 (RSA)
2834| vulners:
2835| cpe:/a:openbsd:openssh:5.3:
2836| CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
2837| CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
2838| CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
2839| CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
2840| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
2841| CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
2842| CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
2843| CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
2844| CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
2845|_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
28463306/tcp open mysql MySQL 5.6.41-84.1
2847| mysql-info:
2848| Protocol: 10
2849| Version: 5.6.41-84.1
2850| Thread ID: 8656795
2851| Capabilities flags: 65535
2852| Some Capabilities: Support41Auth, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, FoundRows, ODBCClient, LongPassword, SupportsTransactions, Speaks41ProtocolOld, SupportsLoadDataLocal, SwitchToSSLAfterHandshake, Speaks41ProtocolNew, LongColumnFlag, ConnectWithDatabase, InteractiveClient, SupportsCompression, DontAllowDatabaseTableColumn, SupportsMultipleStatments, SupportsAuthPlugins, SupportsMultipleResults
2853| Status: Autocommit
2854| Salt: qFFmqp]bVe{Z2)t16Y@o
2855|_ Auth Plugin Name: mysql_native_password
2856| vulners:
2857| MySQL 5.6.41-84.1:
2858|_ NODEJS:602 0.0 https://vulners.com/nodejs/NODEJS:602
2859Device type: VoIP adapter
2860Running: Cisco embedded
2861OS CPE: cpe:/h:cisco:unified_call_manager
2862OS details: Cisco Unified Communications Manager VoIP adapter
2863Network Distance: 23 hops
2864Service Info: Host: trailblazer.websitewelcome.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
2865
2866TRACEROUTE (using port 554/tcp)
2867HOP RTT ADDRESS
28681 87.31 ms 10.251.204.1
28692 87.38 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
28703 46.63 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
28714 50.31 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
28725 50.29 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
28736 50.35 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
28747 50.40 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
28758 50.38 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
28769 50.37 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
287710 50.44 ms if-ae-7-2.tcore1.nto-new-york.as6453.net (63.243.128.25)
287811 52.43 ms if-ae-9-2.tcore1.n75-new-york.as6453.net (63.243.128.122)
287912 52.42 ms 66.110.96.142
288013 31.72 ms be-10390-cr02.newyork.ny.ibone.comcast.net (68.86.83.89)
288114 47.47 ms be-10203-cr01.newark.nj.ibone.comcast.net (68.86.85.185)
288215 64.09 ms be-10102-cr02.ashburn.va.ibone.comcast.net (68.86.85.161)
288316 82.21 ms be-10114-cr02.56marietta.ga.ibone.comcast.net (68.86.85.10)
288417 82.31 ms be-11423-cr01.houston.tx.ibone.comcast.net (68.86.85.22)
288518 82.27 ms be-12393-pe01.westwaypark.tx.ibone.comcast.net (68.86.82.130)
288619 104.89 ms as8075-1.2001sixthave.wa.ibone.comcast.net (75.149.230.54)
288720 82.32 ms 216.117.50.150
288821 82.27 ms po101.router2b.hou1.net.unifiedlayer.com (162.241.0.9)
288922 82.30 ms 162-241-144-61.unifiedlayer.com (162.241.144.61)
289023 64.20 ms 192-185-138-18.unifiedlayer.com (192.185.138.18)
2891#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 14:14 EST
Nmap scan report for freeflorida.org (192.185.138.18)
Host is up (0.11s latency).
rDNS record for 192.185.138.18: 192-185-138-18.unifiedlayer.com
Not shown: 986 closed ports
PORT     STATE    SERVICE    VERSION
21/tcp   open     ftp        Pure-FTPd
22/tcp   filtered ssh
26/tcp   open     smtp       Exim smtpd 4.92
53/tcp   open     domain     ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
80/tcp   open     http       Apache httpd
|_http-server-header: Apache
|_http-title: Did not follow redirect to https://freeflorida.org/
110/tcp  open     pop3       Dovecot pop3d
143/tcp  open     imap       Dovecot imapd
443/tcp  open     ssl/http   Apache httpd
|_http-server-header: Apache
|_http-title: The Florida League of the South – We Dare to Resist
465/tcp  open     ssl/smtps?
587/tcp  open     tcpwrapped
993/tcp  open     ssl/imap   Dovecot imapd
995/tcp  open     ssl/pop3   Dovecot pop3d
2222/tcp open     ssh        OpenSSH 5.3 (protocol 2.0)
3306/tcp open     mysql      MySQL 5.6.41-84.1
Service Info: Host: trailblazer.websitewelcome.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 14:26 EST
Nmap scan report for freeflorida.org (192.185.138.18)
Host is up (0.059s latency).
rDNS record for 192.185.138.18: 192-185-138-18.unifiedlayer.com

PORT   STATE SERVICE
80/tcp open  http
| http-enum:
|   /webmail/: Mail folder
|   /webmail/images/sm_logo.png: SquirrelMail
|   /cgi-sys/: Potentially interesting folder
|_  /controlpanel/: Potentially interesting folder
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 14:19 EST
Nmap scan report for freeflorida.org (192.185.138.18)
Host is up (0.089s latency).
rDNS record for 192.185.138.18: 192-185-138-18.unifiedlayer.com
Not shown: 986 closed ports
PORT     STATE    SERVICE    VERSION
21/tcp   open     ftp        Pure-FTPd
22/tcp   filtered ssh
26/tcp   open     smtp       Exim smtpd 4.92
53/tcp   open     domain     ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
80/tcp open http Apache httpd
3285|_http-server-header: Apache
3286| vulscan: VulDB - https://vuldb.com:
3287| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
3288| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
3289| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
3290| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
3291| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
3292| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
3293| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
3294| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
3295| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
3296| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
3297| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
3298| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
3299| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
3300| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
3301| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
3302| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
3303| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
3304| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
3305| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
3306| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
3307| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
3308| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
3309| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
3310| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
3311| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
3312| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
3313| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
3314| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
3315| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
3316| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
3317| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
3318| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
3319| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
3320| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
3321| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
3322| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
3323| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
3324| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
3325| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
3326| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
3327| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
3328| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
3329| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
3330| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
3331| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
3332| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
3333| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
3334| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
3335| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
3336| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
3337| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
3338| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
3339| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
3340| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
3341| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
3342| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
3343| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
3344| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
3345| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
3346| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
3347| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
3348| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
3349| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
3350| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
3351| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
3352| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3353| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
3354| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
3355| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
3356| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
3357| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
3358| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
3359| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
3360| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
3361| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
3362| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
3363| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
3364| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
3365| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
3366| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
3367| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
3368| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
3369| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
3370| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
3371| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
3372| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
3373| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
3374| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
3375| [136370] Apache Fineract up to 1.2.x sql injection
3376| [136369] Apache Fineract up to 1.2.x sql injection
3377| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
3378| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
3379| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
3380| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
3381| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
3382| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
3383| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
3384| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
3385| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
3386| [134416] Apache Sanselan 0.97-incubator Loop denial of service
3387| [134415] Apache Sanselan 0.97-incubator Hang denial of service
3388| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
3389| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
3390| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
3391| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
3392| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
3393| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
3394| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
3395| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
3396| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
3397| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
3398| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
3399| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
3400| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
3401| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
3402| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
3403| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
3404| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
3405| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
3406| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
3407| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
3408| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
3409| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
3410| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
3411| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
3412| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
3413| [131859] Apache Hadoop up to 2.9.1 privilege escalation
3414| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
3415| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
3416| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
3417| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
3418| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
3419| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
3420| [130629] Apache Guacamole Cookie Flag weak encryption
3421| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
3422| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
3423| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
3424| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
3425| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
3426| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
3427| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
3428| [130123] Apache Airflow up to 1.8.2 information disclosure
3429| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
3430| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
3431| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
3432| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
3433| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3434| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3435| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3436| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
3437| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
3438| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
3439| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
3440| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
3441| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
3442| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
3443| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
3444| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
3445| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
3446| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
3447| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3448| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
3449| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3450| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
3451| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
3452| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
3453| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
3454| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
3455| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
3456| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
3457| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
3458| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
3459| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
3460| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
3461| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
3462| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
3463| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
3464| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
3465| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
3466| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
3467| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
3468| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
3469| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
3470| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
3471| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
3472| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
3473| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
3474| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
3475| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
3476| [127007] Apache Spark Request Code Execution
3477| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
3478| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
3479| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
3480| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
3481| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
3482| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
3483| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
3484| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
3485| [126346] Apache Tomcat Path privilege escalation
3486| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
3487| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
3488| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
3489| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
3490| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
3491| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
3492| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
3493| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
3494| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
3495| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
3496| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
3497| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
3498| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
3499| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
3500| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
3501| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
3502| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
3503| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
3504| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
3505| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
3506| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
3507| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
3508| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
3509| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
3510| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
3511| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
3512| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
3513| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
3514| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
3515| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
3516| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
3517| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
3518| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
3519| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
3520| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
3521| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
3522| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
3523| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
3524| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
3525| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
3526| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
3527| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
3528| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
3529| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
3530| [123197] Apache Sentry up to 2.0.0 privilege escalation
3531| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
3532| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
3533| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
3534| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
3535| [122800] Apache Spark 1.3.0 REST API weak authentication
3536| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
3537| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
3538| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
3539| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
3540| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
3541| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
3542| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
3543| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
3544| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
3545| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
3546| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
3547| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
3548| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
3549| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
3550| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
3551| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
3552| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
3553| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
3554| [121354] Apache CouchDB HTTP API Code Execution
3555| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
3556| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
3557| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
3558| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
3559| [120168] Apache CXF weak authentication
3560| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
3561| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
3562| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
3563| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
3564| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
3565| [119306] Apache MXNet Network Interface privilege escalation
3566| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
3567| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
3568| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
3569| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
3570| [118143] Apache NiFi activemq-client Library Deserialization denial of service
3571| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
3572| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
3573| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
3574| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
3575| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
3576| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
3577| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
3578| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
3579| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
3580| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
3581| [117115] Apache Tika up to 1.17 tika-server command injection
3582| [116929] Apache Fineract getReportType Parameter privilege escalation
3583| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
3584| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
3585| [116926] Apache Fineract REST Parameter privilege escalation
3586| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
3587| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
3588| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
3589| [115883] Apache Hive up to 2.3.2 privilege escalation
3590| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
3591| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
3592| [115518] Apache Ignite 2.3 Deserialization privilege escalation
3593| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
3594| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
3595| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
3596| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
3597| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
3598| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
3599| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
3600| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
3601| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
3602| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
3603| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
3604| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
3605| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
3606| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
3607| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
3608| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
3609| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
3610| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
4011| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
4012| [90263] Apache Archiva Header denial of service
4013| [90262] Apache Archiva Deserialize privilege escalation
4014| [90261] Apache Archiva XML DTD Connection privilege escalation
4015| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
4016| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
4017| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
4018| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
4019| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
4020| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
4021| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
4022| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
4023| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
4024| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
4025| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
4026| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
4027| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
4028| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
4029| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
4030| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
4031| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
4032| [87765] Apache James Server 2.3.2 Command privilege escalation
4033| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
4034| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
4035| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
4036| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
4037| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
4038| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
4039| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
4040| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
4341| [8873] Apache Struts 2.3.14 privilege escalation
4342| [8872] Apache Struts 2.3.14 privilege escalation
4343| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
4344| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
4345| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
4346| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
4347| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
4348| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4349| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4350| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
4351| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
4352| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
4353| [64006] Apache ActiveMQ up to 5.7.0 denial of service
4354| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
4355| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
4356| [8427] Apache Tomcat Session Transaction weak authentication
4357| [63960] Apache Maven 3.0.4 Default Configuration spoofing
4358| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
4359| [63750] Apache qpid up to 0.20 checkAvailable denial of service
4360| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
4361| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
4362| [63747] Apache Rave up to 0.20 User Account information disclosure
4363| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
4364| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
4365| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
4366| [7687] Apache CXF up to 2.7.2 Token weak authentication
4367| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
4667| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
4668| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
4669| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4670| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
4671| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
4672| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
4673| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
4674| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
4675| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
4676| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
4677| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
4678| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
4679| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
4680| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
4681| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
4682| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
4683| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
4684| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
4685| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
4686| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
4687| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
4688| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
4689| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
4690| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
4691| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
4692| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
4693| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
4694| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
4695| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
4696| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
4697| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
4698| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
4699| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
4700| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
4701| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
4702| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
4703| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
4704| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
4705| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
4706| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
4707| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
4708| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
4709| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
4710| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
4711| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
4712| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
4713| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
4714| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
4715| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
4716| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
4717| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
4718| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
4719| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
4720| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
4721| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
4722| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
4723| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
4724| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
4725| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
4726| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
4727| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
4728| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
4729| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
4730| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
4731| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
4732| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
4733| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
4734| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
4735| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
4736| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
4737| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
4738| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
4739| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
4740| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
4741| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
4742| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
4743| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
4744| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
4745| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
4746| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
4747| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
4748| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
4749| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
4750| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
4751| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
4752| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
4859| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
4860| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
4861| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
4862| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
4863| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
4864| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
4865| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
4866| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
4867| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
4868| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
4869| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
4870| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
4871| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
4872| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
4873| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
4874| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
4875| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
4876| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
4877| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
4878| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
4879| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
4880| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
4881| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
4882| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
4883| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
4884| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
4885| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
4886| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
4887| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
4888| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
4889| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
4890| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
4891| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
4892| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
4893| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
4894| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
4895| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
4896| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
4897| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
4898| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
4899| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
4900| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
4901| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
4902| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
4903| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
4904| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
4905| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
4906| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
4907| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
4908| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
4909| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
4910| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4911| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4912| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
4913| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
4914| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
4915| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4916| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
4917| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
4918| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
4919| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
4920| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
4921| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
4922| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
4923| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
4924| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4925| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
4926| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
4927| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
4928| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
4929| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
4930| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
4931| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
4932| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
4933| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
4934| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
4935| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
4936| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
4937| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
4938| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
4939| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
4940| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
4941| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
4942| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
4943| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
4944| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
4945| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
4946| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
4947| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
4948| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
4949| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
4950| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
4951| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
4952| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4953| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4954| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
4955| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
4956| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
4957| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4958| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
4959| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
4960| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
4961| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
4962| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
4963| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
4964| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
4965| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
4966| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
4967| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
4968| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
4969| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
4970| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
4971| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4972| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4973| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
4974| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
4975| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
4976| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
4977| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
4978| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
4979| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
4980| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4981| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
4982| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4983| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
4984| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
4985| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
4986| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4987| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
4988| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4989| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
4990| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
4991| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4992| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
4993| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
4994| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
4995| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
4996| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
4997| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
4998| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
4999| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
5000| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5001| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
5002| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
5003| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
5004| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
5005| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
5006| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
5007| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
5008| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
5009| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
5010| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
5011| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
5012| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
5013| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
5014| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
5015| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
5016| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
5017| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
5018| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
5019| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
5020| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
5021| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
5022| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5023| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5024| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
5025| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
5026| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
5027| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
5028| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
5029| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
5030| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
5031| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
5032| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
5033| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
5034| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
5166| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5167| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
5168| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5169| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
5170| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
5171| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
5172| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
5173| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
5174| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
5175| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
5176| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
5177| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
5178| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
5179| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
5180| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
5181| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
5182| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
5183| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
5184| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
5185| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
5186| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
5187| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
5188| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
5189| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
5190| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
5191| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
5192| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
5193| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
5194| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
5195| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
5196| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
5197| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
5198| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
5199| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5200| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5201| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5202| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5203| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5204| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5205| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5206| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5207| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5208| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5209| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5210| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5211| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5212| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5213| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5214|
5215| SecurityFocus - https://www.securityfocus.com/bid/:
5216| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5217| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5218| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5219| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5220| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5221| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5222| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5223| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5224| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5225| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5226| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5227| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5228| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5229| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5230| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5231| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5232| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5233| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5234| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5235| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5236| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5237| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5238| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5239| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5240| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5241| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5242| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5243| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5244| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5245| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5246| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5247| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5248| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5249| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5250| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5251| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5252| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5253| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5254| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5255| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5256| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5257| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5258| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5259| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5260| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5261| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5262| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5263| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5264| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5265| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5266| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5267| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5268| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5269| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5270| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5271| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5272| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5273| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5274| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5275| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5276| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5277| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5278| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5279| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5280| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5281| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5282| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5283| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5284| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5285| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5286| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
5287| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
5288| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
5289| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
5290| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
5291| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
5292| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
5293| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
5294| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
5295| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
5296| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
5297| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
5298| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
5299| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
5300| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
5301| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
5302| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
5303| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
5304| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
5305| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
5306| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
5307| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
5308| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
5309| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
5310| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
5311| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
5312| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
5313| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
5314| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
5315| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
5316| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
5317| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
5318| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
5319| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
5320| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
5321| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
5322| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
5323| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
5324| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
5325| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
5326| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
5327| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
5328| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
5329| [100447] Apache2Triad Multiple Security Vulnerabilities
5330| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
5331| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
5332| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
5333| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
5334| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
5335| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
5336| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
5337| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
5338| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
5339| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
5340| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
5341| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
5342| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
5343| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
5344| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
5345| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
5346| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
5347| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
5348| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
5349| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
5350| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
5351| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
5352| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
5353| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
5354| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
5355| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
5356| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
5357| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
5358| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
5359| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
5360| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
5361| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
5362| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
5363| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
5364| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
5365| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
5366| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
5367| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
5368| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
5369| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5370| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5371| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5372| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5373| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5374| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5375| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5376| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5377| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5378| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5379| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5380| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5381| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5382| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5383| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5384| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5385| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5386| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5387| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5388| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5389| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5390| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5391| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5392| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5393| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
5394| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
5395| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
5396| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
5397| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
5398| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
5399| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
5400| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
5401| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
5402| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
5403| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
5404| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
5405| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
5406| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
5407| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
5408| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
5409| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
5410| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
5411| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
5412| [95675] Apache Struts Remote Code Execution Vulnerability
5413| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
5414| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
5415| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
5416| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
5417| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
5418| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
5419| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
5420| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
5799| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
5800| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
5801| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
5802| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
5803| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
5804| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
5805| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
5806| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
5807| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
5808| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
5809| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
5810| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
5811| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
5812| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
5813| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
5814| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
5815| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
5816| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
5817| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
5818| [54798] Apache Libcloud Man In The Middle Vulnerability
5819| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
5820| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
5821| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
5822| [54189] Apache Roller Cross Site Request Forgery Vulnerability
5823| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
5824| [53880] Apache CXF Child Policies Security Bypass Vulnerability
5825| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
5826| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
5827| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
5828| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
5829| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
5830| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
5831| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
5832| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5833| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
5834| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
5835| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
5836| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
5837| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
5838| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
5839| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
5840| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
5841| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
5842| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
5843| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
5844| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
5845| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5846| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5847| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
5848| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
5849| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
5850| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
5851| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
5852| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
5853| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
5854| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5855| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
5856| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
5857| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
5858| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
5859| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5860| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5861| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
5862| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
5863| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5864| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
5865| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
5866| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
5867| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
5868| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
5869| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
5870| [49290] Apache Wicket Cross Site Scripting Vulnerability
5871| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
5872| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
5873| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
5874| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
5875| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
5876| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
5877| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
5878| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5879| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
5880| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
5881| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
5882| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
5883| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
5884| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
5885| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
5886| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
5887| [46953] Apache MPM-ITK Module Security Weakness
5888| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
5889| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
5890| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
5891| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
5892| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
5893| [46166] Apache Tomcat JVM Denial of Service Vulnerability
5894| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
5895| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5896| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
5897| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
5898| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
5899| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
5900| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
5901| [44616] Apache Shiro Directory Traversal Vulnerability
5902| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
5903| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
5904| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
5905| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
5906| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
5907| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5908| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
5909| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
5910| [42492] Apache CXF XML DTD Processing Security Vulnerability
5911| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
5912| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5913| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5914| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
5915| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
5916| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5917| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
5918| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
5919| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
5920| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5921| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5922| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
5923| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
5924| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5925| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
5926| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
5927| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
5928| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
5929| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
5930| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
5931| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
5932| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
5933| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
5934| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
5935| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
5936| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
5937| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
5938| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
5939| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
5940| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
5941| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5942| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
5943| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
5944| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
5945| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
5946| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
5947| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
5948| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
5949| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
5950| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
5951| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
5952| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5953| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
5954| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
5955| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
5956| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
5957| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
5958| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
5959| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
5960| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5961| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
5962| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
5963| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5964| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
5965| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
5966| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
5967| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
5968| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
5969| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
5970| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
5971| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
5972| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
5973| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
5974| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
5975| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
5976| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
5977| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
5978| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
5979| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
5980| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
5981| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5982| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
5983| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5984| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
5985| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
5986| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
5987| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
5988| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
5989| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5990| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
5991| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
5992| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
5993| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
5994| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
5995| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
5996| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
5997| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
5998| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
5999| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
6000| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
6001| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
6002| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
6003| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
6004| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
6005| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
6006| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
6007| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
6008| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
6009| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
6010| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
6011| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
6012| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
6013| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6014| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
6015| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
6016| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
6017| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
6018| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
6019| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
6020| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
6021| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
6022| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
6023| [20527] Apache Mod_TCL Remote Format String Vulnerability
6024| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
6025| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
6026| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
6027| [19106] Apache Tomcat Information Disclosure Vulnerability
6028| [18138] Apache James SMTP Denial Of Service Vulnerability
6029| [17342] Apache Struts Multiple Remote Vulnerabilities
6030| [17095] Apache Log4Net Denial Of Service Vulnerability
6031| [16916] Apache mod_python FileSession Code Execution Vulnerability
6032| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
6033| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
6034| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
6035| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
6036| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
6037| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
6038| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
6039| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
6040| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
6041| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
6042| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
6043| [15177] PHP Apache 2 Local Denial of Service Vulnerability
6044| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
6045| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
6046| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
6047| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
6048| [14106] Apache HTTP Request Smuggling Vulnerability
6049| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
6050| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
6051| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
6052| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
6053| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
6054| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
6055| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
6056| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
6057| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
6058| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
6059| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
6060| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
6061| [11471] Apache mod_include Local Buffer Overflow Vulnerability
6062| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
6063| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
6064| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
6065| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
6066| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6067| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
6068| [11094] Apache mod_ssl Denial Of Service Vulnerability
6069| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
6070| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
6071| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
6072| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
6073| [10478] ClueCentral Apache Suexec Patch Security Weakness
6074| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
6075| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
6076| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
6077| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
6078| [9921] Apache Connection Blocking Denial Of Service Vulnerability
6079| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
6080| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
6081| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
6082| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
6083| [9733] Apache Cygwin Directory Traversal Vulnerability
6084| [9599] Apache mod_php Global Variables Information Disclosure Weakness
6085| [9590] Apache-SSL Client Certificate Forging Vulnerability
6086| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
6087| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
6088| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
6089| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
6090| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
6091| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
6092| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
6093| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
6094| [8898] Red Hat Apache Directory Index Default Configuration Error
6095| [8883] Apache Cocoon Directory Traversal Vulnerability
6096| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
6097| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
6098| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
6099| [8707] Apache htpasswd Password Entropy Weakness
6100| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
6101| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
6102| [8226] Apache HTTP Server Multiple Vulnerabilities
6103| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
6104| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
6105| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
6106| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
6107| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
6108| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
6109| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
6110| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
6111| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
6112| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
6113| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
6114| [7255] Apache Web Server File Descriptor Leakage Vulnerability
6115| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6116| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
6117| [6939] Apache Web Server ETag Header Information Disclosure Weakness
6118| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
6119| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
6120| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
6121| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
6122| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
6123| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
6124| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
6125| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
6126| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
6127| [6117] Apache mod_php File Descriptor Leakage Vulnerability
6128| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
6129| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
6130| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
6131| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
6132| [5992] Apache HTDigest Insecure Temporary File Vulnerability
6133| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
6134| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
6135| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
6136| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
6137| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
6138| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6139| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
6140| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
6141| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
6142| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
6143| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6144| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
6145| [5485] Apache 2.0 Path Disclosure Vulnerability
6146| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6147| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
6148| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
6149| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
6150| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
6151| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
6152| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
6153| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
6154| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
6155| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
6156| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
6157| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
6158| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
6159| [4437] Apache Error Message Cross-Site Scripting Vulnerability
6160| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
6161| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
6162| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
6163| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
6164| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
6165| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
6166| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
6167| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
6168| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
6169| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
6170| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
6171| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
6172| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
6173| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
6174| [3596] Apache Split-Logfile File Append Vulnerability
6175| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
6176| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
6177| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
6178| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
6179| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
6180| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
6181| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
6182| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
6183| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
6184| [3169] Apache Server Address Disclosure Vulnerability
6185| [3009] Apache Possible Directory Index Disclosure Vulnerability
6186| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
6187| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
6188| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
6189| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
6190| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
6191| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
6192| [2216] Apache Web Server DoS Vulnerability
6193| [2182] Apache /tmp File Race Vulnerability
6194| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
6195| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
6196| [1821] Apache mod_cookies Buffer Overflow Vulnerability
6197| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
6198| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
6199| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
6200| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
6201| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
6202| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
6203| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
6204| [1457] Apache::ASP source.asp Example Script Vulnerability
6205| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
6206| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
6207|
6208| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6209| [86258] Apache CloudStack text fields cross-site scripting
6210| [85983] Apache Subversion mod_dav_svn module denial of service
6211| [85875] Apache OFBiz UEL code execution
6212| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
6213| [85871] Apache HTTP Server mod_session_dbd unspecified
6214| [85756] Apache Struts OGNL expression command execution
6215| [85755] Apache Struts DefaultActionMapper class open redirect
6216| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
6217| [85574] Apache HTTP Server mod_dav denial of service
6218| [85573] Apache Struts Showcase App OGNL code execution
6219| [85496] Apache CXF denial of service
6220| [85423] Apache Geronimo RMI classloader code execution
6221| [85326] Apache Santuario XML Security for C++ buffer overflow
6222| [85323] Apache Santuario XML Security for Java spoofing
6223| [85319] Apache Qpid Python client SSL spoofing
6224| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
6225| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
6226| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
6227| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
6228| [84952] Apache Tomcat CVE-2012-3544 denial of service
6229| [84763] Apache Struts CVE-2013-2135 security bypass
6230| [84762] Apache Struts CVE-2013-2134 security bypass
6231| [84719] Apache Subversion CVE-2013-2088 command execution
6232| [84718] Apache Subversion CVE-2013-2112 denial of service
6233| [84717] Apache Subversion CVE-2013-1968 denial of service
6234| [84577] Apache Tomcat security bypass
6235| [84576] Apache Tomcat symlink
6236| [84543] Apache Struts CVE-2013-2115 security bypass
6237| [84542] Apache Struts CVE-2013-1966 security bypass
6238| [84154] Apache Tomcat session hijacking
6239| [84144] Apache Tomcat denial of service
6240| [84143] Apache Tomcat information disclosure
6241| [84111] Apache HTTP Server command execution
6242| [84043] Apache Virtual Computing Lab cross-site scripting
6243| [84042] Apache Virtual Computing Lab cross-site scripting
6244| [83782] Apache CloudStack information disclosure
6245| [83781] Apache CloudStack security bypass
6246| [83720] Apache ActiveMQ cross-site scripting
6247| [83719] Apache ActiveMQ denial of service
6248| [83718] Apache ActiveMQ denial of service
6249| [83263] Apache Subversion denial of service
6250| [83262] Apache Subversion denial of service
6251| [83261] Apache Subversion denial of service
6252| [83259] Apache Subversion denial of service
6253| [83035] Apache mod_ruid2 security bypass
6254| [82852] Apache Qpid federation_tag security bypass
6255| [82851] Apache Qpid qpid::framing::Buffer denial of service
6256| [82758] Apache Rave User RPC API information disclosure
6257| [82663] Apache Subversion svn_fs_file_length() denial of service
6258| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
6259| [82641] Apache Qpid AMQP denial of service
6260| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
6261| [82618] Apache Commons FileUpload symlink
6262| [82360] Apache HTTP Server manager interface cross-site scripting
6263| [82359] Apache HTTP Server hostnames cross-site scripting
6264| [82338] Apache Tomcat log/logdir information disclosure
6265| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
6266| [82268] Apache OpenJPA deserialization command execution
6267| [81981] Apache CXF UsernameTokens security bypass
6268| [81980] Apache CXF WS-Security security bypass
6269| [81398] Apache OFBiz cross-site scripting
6270| [81240] Apache CouchDB directory traversal
6271| [81226] Apache CouchDB JSONP code execution
6272| [81225] Apache CouchDB Futon user interface cross-site scripting
6273| [81211] Apache Axis2/C SSL spoofing
6274| [81167] Apache CloudStack DeployVM information disclosure
6275| [81166] Apache CloudStack AddHost API information disclosure
6276| [81165] Apache CloudStack createSSHKeyPair API information disclosure
6277| [80518] Apache Tomcat cross-site request forgery security bypass
6278| [80517] Apache Tomcat FormAuthenticator security bypass
6279| [80516] Apache Tomcat NIO denial of service
6280| [80408] Apache Tomcat replay-countermeasure security bypass
6281| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
6282| [80317] Apache Tomcat slowloris denial of service
6283| [79984] Apache Commons HttpClient SSL spoofing
6284| [79983] Apache CXF SSL spoofing
6285| [79830] Apache Axis2/Java SSL spoofing
6286| [79829] Apache Axis SSL spoofing
6287| [79809] Apache Tomcat DIGEST security bypass
6288| [79806] Apache Tomcat parseHeaders() denial of service
6289| [79540] Apache OFBiz unspecified
6290| [79487] Apache Axis2 SAML security bypass
6291| [79212] Apache Cloudstack code execution
6292| [78734] Apache CXF SOAP Action security bypass
6293| [78730] Apache Qpid broker denial of service
6294| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
6295| [78563] Apache mod_pagespeed module unspecified cross-site scripting
6296| [78562] Apache mod_pagespeed module security bypass
6297| [78454] Apache Axis2 security bypass
6298| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
6299| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
6300| [78321] Apache Wicket unspecified cross-site scripting
6301| [78183] Apache Struts parameters denial of service
6302| [78182] Apache Struts cross-site request forgery
6303| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
6304| [77987] mod_rpaf module for Apache denial of service
6305| [77958] Apache Struts skill name code execution
6306| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
6307| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
6308| [77568] Apache Qpid broker security bypass
6309| [77421] Apache Libcloud spoofing
6310| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
6311| [77046] Oracle Solaris Apache HTTP Server information disclosure
6312| [76837] Apache Hadoop information disclosure
6313| [76802] Apache Sling CopyFrom denial of service
6314| [76692] Apache Hadoop symlink
6315| [76535] Apache Roller console cross-site request forgery
6316| [76534] Apache Roller weblog cross-site scripting
6317| [76152] Apache CXF elements security bypass
6318| [76151] Apache CXF child policies security bypass
6319| [75983] MapServer for Windows Apache file include
6320| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
6321| [75558] Apache POI denial of service
6322| [75545] PHP apache_request_headers() buffer overflow
6323| [75302] Apache Qpid SASL security bypass
6324| [75211] Debian GNU/Linux apache 2 cross-site scripting
6325| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
6326| [74871] Apache OFBiz FlexibleStringExpander code execution
6327| [74870] Apache OFBiz multiple cross-site scripting
6328| [74750] Apache Hadoop unspecified spoofing
6329| [74319] Apache Struts XSLTResult.java file upload
6330| [74313] Apache Traffic Server header buffer overflow
6331| [74276] Apache Wicket directory traversal
6332| [74273] Apache Wicket unspecified cross-site scripting
6333| [74181] Apache HTTP Server mod_fcgid module denial of service
6334| [73690] Apache Struts OGNL code execution
6335| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
6336| [73100] Apache MyFaces in directory traversal
6337| [73096] Apache APR hash denial of service
6338| [73052] Apache Struts name cross-site scripting
6339| [73030] Apache CXF UsernameToken security bypass
6340| [72888] Apache Struts lastName cross-site scripting
6341| [72758] Apache HTTP Server httpOnly information disclosure
6342| [72757] Apache HTTP Server MPM denial of service
6343| [72585] Apache Struts ParameterInterceptor security bypass
6344| [72438] Apache Tomcat Digest security bypass
6345| [72437] Apache Tomcat Digest security bypass
6346| [72436] Apache Tomcat DIGEST security bypass
6347| [72425] Apache Tomcat parameter denial of service
6348| [72422] Apache Tomcat request object information disclosure
6349| [72377] Apache HTTP Server scoreboard security bypass
6350| [72345] Apache HTTP Server HTTP request denial of service
6351| [72229] Apache Struts ExceptionDelegator command execution
6352| [72089] Apache Struts ParameterInterceptor directory traversal
6353| [72088] Apache Struts CookieInterceptor command execution
6354| [72047] Apache Geronimo hash denial of service
6355| [72016] Apache Tomcat hash denial of service
6356| [71711] Apache Struts OGNL expression code execution
6357| [71654] Apache Struts interfaces security bypass
6358| [71620] Apache ActiveMQ failover denial of service
6359| [71617] Apache HTTP Server mod_proxy module information disclosure
6360| [71508] Apache MyFaces EL security bypass
6361| [71445] Apache HTTP Server mod_proxy security bypass
6362| [71203] Apache Tomcat servlets privilege escalation
6363| [71181] Apache HTTP Server ap_pregsub() denial of service
6364| [71093] Apache HTTP Server ap_pregsub() buffer overflow
6365| [70336] Apache HTTP Server mod_proxy information disclosure
6366| [69804] Apache HTTP Server mod_proxy_ajp denial of service
6367| [69472] Apache Tomcat AJP security bypass
6368| [69396] Apache HTTP Server ByteRange filter denial of service
6369| [69394] Apache Wicket multi window support cross-site scripting
6370| [69176] Apache Tomcat XML information disclosure
6371| [69161] Apache Tomcat jsvc information disclosure
6372| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
6373| [68541] Apache Tomcat sendfile information disclosure
6374| [68420] Apache XML Security denial of service
6375| [68238] Apache Tomcat JMX information disclosure
6376| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
6377| [67804] Apache Subversion control rules information disclosure
6378| [67803] Apache Subversion control rules denial of service
6379| [67802] Apache Subversion baselined denial of service
6380| [67672] Apache Archiva multiple cross-site scripting
6381| [67671] Apache Archiva multiple cross-site request forgery
6382| [67564] Apache APR apr_fnmatch() denial of service
6383| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
6384| [67515] Apache Tomcat annotations security bypass
6385| [67480] Apache Struts s:submit information disclosure
6386| [67414] Apache APR apr_fnmatch() denial of service
6387| [67356] Apache Struts javatemplates cross-site scripting
6388| [67354] Apache Struts Xwork cross-site scripting
6389| [66676] Apache Tomcat HTTP BIO information disclosure
6390| [66675] Apache Tomcat web.xml security bypass
6391| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
6392| [66241] Apache HttpComponents information disclosure
6393| [66154] Apache Tomcat ServletSecurity security bypass
6394| [65971] Apache Tomcat ServletSecurity security bypass
6395| [65876] Apache Subversion mod_dav_svn denial of service
6396| [65343] Apache Continuum unspecified cross-site scripting
6397| [65162] Apache Tomcat NIO connector denial of service
6398| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
6399| [65160] Apache Tomcat HTML Manager interface cross-site scripting
6400| [65159] Apache Tomcat ServletContect security bypass
6401| [65050] Apache CouchDB web-based administration UI cross-site scripting
6402| [64773] Oracle HTTP Server Apache Plugin unauthorized access
6403| [64473] Apache Subversion blame -g denial of service
6404| [64472] Apache Subversion walk() denial of service
6405| [64407] Apache Axis2 CVE-2010-0219 code execution
6406| [63926] Apache Archiva password privilege escalation
6407| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
6408| [63493] Apache Archiva credentials cross-site request forgery
6409| [63477] Apache Tomcat HttpOnly session hijacking
6410| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
6411| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
6412| [62959] Apache Shiro filters security bypass
6413| [62790] Apache Perl cgi module denial of service
6414| [62576] Apache Qpid exchange denial of service
6415| [62575] Apache Qpid AMQP denial of service
6416| [62354] Apache Qpid SSL denial of service
6417| [62235] Apache APR-util apr_brigade_split_line() denial of service
6418| [62181] Apache XML-RPC SAX Parser information disclosure
6419| [61721] Apache Traffic Server cache poisoning
6420| [61202] Apache Derby BUILTIN authentication functionality information disclosure
6421| [61186] Apache CouchDB Futon cross-site request forgery
6422| [61169] Apache CXF DTD denial of service
6423| [61070] Apache Jackrabbit search.jsp SQL injection
6424| [61006] Apache SLMS Quoting cross-site request forgery
6425| [60962] Apache Tomcat time cross-site scripting
6426| [60883] Apache mod_proxy_http information disclosure
6427| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
6428| [60264] Apache Tomcat Transfer-Encoding denial of service
6429| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
6430| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
6431| [59413] Apache mod_proxy_http timeout information disclosure
6432| [59058] Apache MyFaces unencrypted view state cross-site scripting
6433| [58827] Apache Axis2 xsd file include
6434| [58790] Apache Axis2 modules cross-site scripting
6435| [58299] Apache ActiveMQ queueBrowse cross-site scripting
6436| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
6437| [58056] Apache ActiveMQ .jsp source code disclosure
6438| [58055] Apache Tomcat realm name information disclosure
6439| [58046] Apache HTTP Server mod_auth_shadow security bypass
6440| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
6441| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
6442| [57429] Apache CouchDB algorithms information disclosure
6443| [57398] Apache ActiveMQ Web console cross-site request forgery
6444| [57397] Apache ActiveMQ createDestination.action cross-site scripting
6445| [56653] Apache HTTP Server DNS spoofing
6446| [56652] Apache HTTP Server DNS cross-site scripting
6447| [56625] Apache HTTP Server request header information disclosure
6448| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
6449| [56623] Apache HTTP Server mod_proxy_ajp denial of service
6450| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
6451| [55857] Apache Tomcat WAR files directory traversal
6452| [55856] Apache Tomcat autoDeploy attribute security bypass
6453| [55855] Apache Tomcat WAR directory traversal
6454| [55210] Intuit component for Joomla! Apache information disclosure
6455| [54533] Apache Tomcat 404 error page cross-site scripting
6456| [54182] Apache Tomcat admin default password
6457| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
6458| [53666] Apache HTTP Server Solaris pollset support denial of service
6459| [53650] Apache HTTP Server HTTP basic-auth module security bypass
6460| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
6461| [53041] mod_proxy_ftp module for Apache denial of service
6462| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
6463| [51953] Apache Tomcat Path Disclosure
6464| [51952] Apache Tomcat Path Traversal
6465| [51951] Apache stronghold-status Information Disclosure
6466| [51950] Apache stronghold-info Information Disclosure
6467| [51949] Apache PHP Source Code Disclosure
6468| [51948] Apache Multiviews Attack
6469| [51946] Apache JServ Environment Status Information Disclosure
6470| [51945] Apache error_log Information Disclosure
6471| [51944] Apache Default Installation Page Pattern Found
6472| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
6473| [51942] Apache AXIS XML External Entity File Retrieval
6474| [51941] Apache AXIS Sample Servlet Information Leak
6475| [51940] Apache access_log Information Disclosure
6476| [51626] Apache mod_deflate denial of service
6477| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
6478| [51365] Apache Tomcat RequestDispatcher security bypass
6479| [51273] Apache HTTP Server Incomplete Request denial of service
6480| [51195] Apache Tomcat XML information disclosure
6481| [50994] Apache APR-util xml/apr_xml.c denial of service
6482| [50993] Apache APR-util apr_brigade_vprintf denial of service
6483| [50964] Apache APR-util apr_strmatch_precompile() denial of service
6484| [50930] Apache Tomcat j_security_check information disclosure
6485| [50928] Apache Tomcat AJP denial of service
6486| [50884] Apache HTTP Server XML ENTITY denial of service
6487| [50808] Apache HTTP Server AllowOverride privilege escalation
6488| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
6489| [50059] Apache mod_proxy_ajp information disclosure
6490| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
6491| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
6492| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
6493| [49921] Apache ActiveMQ Web interface cross-site scripting
6494| [49898] Apache Geronimo Services/Repository directory traversal
6495| [49725] Apache Tomcat mod_jk module information disclosure
6496| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
6497| [49712] Apache Struts unspecified cross-site scripting
6498| [49213] Apache Tomcat cal2.jsp cross-site scripting
6499| [48934] Apache Tomcat POST doRead method information disclosure
6500| [48211] Apache Tomcat header HTTP request smuggling
6501| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
6502| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
6503| [47709] Apache Roller "
6504| [47104] Novell Netware ApacheAdmin console security bypass
6505| [47086] Apache HTTP Server OS fingerprinting unspecified
6506| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
6507| [45791] Apache Tomcat RemoteFilterValve security bypass
6508| [44435] Oracle WebLogic Apache Connector buffer overflow
6509| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
6510| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
6511| [44156] Apache Tomcat RequestDispatcher directory traversal
6512| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
6513| [43885] Oracle WebLogic Server Apache Connector buffer overflow
6514| [42987] Apache HTTP Server mod_proxy module denial of service
6515| [42915] Apache Tomcat JSP files path disclosure
6516| [42914] Apache Tomcat MS-DOS path disclosure
6517| [42892] Apache Tomcat unspecified unauthorized access
6518| [42816] Apache Tomcat Host Manager cross-site scripting
6519| [42303] Apache 403 error cross-site scripting
6520| [41618] Apache-SSL ExpandCert() authentication bypass
6521| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
6522| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
6523| [40614] Apache mod_jk2 HTTP Host header buffer overflow
6524| [40562] Apache Geronimo init information disclosure
6525| [40478] Novell Web Manager webadmin-apache.conf security bypass
6526| [40411] Apache Tomcat exception handling information disclosure
6527| [40409] Apache Tomcat native (APR based) connector weak security
6528| [40403] Apache Tomcat quotes and %5C cookie information disclosure
6529| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
6530| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
6531| [39867] Apache HTTP Server mod_negotiation cross-site scripting
6532| [39804] Apache Tomcat SingleSignOn information disclosure
6533| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
6534| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
6535| [39608] Apache HTTP Server balancer manager cross-site request forgery
6536| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
6537| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
6538| [39472] Apache HTTP Server mod_status cross-site scripting
6539| [39201] Apache Tomcat JULI logging weak security
6540| [39158] Apache HTTP Server Windows SMB shares information disclosure
6541| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
6542| [38951] Apache::AuthCAS Perl module cookie SQL injection
6543| [38800] Apache HTTP Server 413 error page cross-site scripting
6544| [38211] Apache Geronimo SQLLoginModule authentication bypass
6545| [37243] Apache Tomcat WebDAV directory traversal
6546| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
6547| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
6548| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
6549| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
6550| [36782] Apache Geronimo MEJB unauthorized access
6551| [36586] Apache HTTP Server UTF-7 cross-site scripting
6552| [36468] Apache Geronimo LoginModule security bypass
6553| [36467] Apache Tomcat functions.jsp cross-site scripting
6554| [36402] Apache Tomcat calendar cross-site request forgery
6555| [36354] Apache HTTP Server mod_proxy module denial of service
6556| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
6557| [36336] Apache Derby lock table privilege escalation
6558| [36335] Apache Derby schema privilege escalation
6559| [36006] Apache Tomcat "
6560| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
6561| [35999] Apache Tomcat \"
6562| [35795] Apache Tomcat CookieExample cross-site scripting
6563| [35536] Apache Tomcat SendMailServlet example cross-site scripting
6564| [35384] Apache HTTP Server mod_cache module denial of service
6565| [35097] Apache HTTP Server mod_status module cross-site scripting
6566| [35095] Apache HTTP Server Prefork MPM module denial of service
6567| [34984] Apache HTTP Server recall_headers information disclosure
6568| [34966] Apache HTTP Server MPM content spoofing
6569| [34965] Apache HTTP Server MPM information disclosure
6570| [34963] Apache HTTP Server MPM multiple denial of service
6571| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
6572| [34869] Apache Tomcat JSP example Web application cross-site scripting
6573| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
6574| [34496] Apache Tomcat JK Connector security bypass
6575| [34377] Apache Tomcat hello.jsp cross-site scripting
6576| [34212] Apache Tomcat SSL configuration security bypass
6577| [34210] Apache Tomcat Accept-Language cross-site scripting
6578| [34209] Apache Tomcat calendar application cross-site scripting
6579| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
6580| [34167] Apache Axis WSDL file path disclosure
6581| [34068] Apache Tomcat AJP connector information disclosure
6582| [33584] Apache HTTP Server suEXEC privilege escalation
6583| [32988] Apache Tomcat proxy module directory traversal
6584| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
6585| [32708] Debian Apache tty privilege escalation
6586| [32441] ApacheStats extract() PHP call unspecified
6587| [32128] Apache Tomcat default account
6588| [31680] Apache Tomcat RequestParamExample cross-site scripting
6589| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
6590| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
6591| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
6592| [30456] Apache mod_auth_kerb off-by-one buffer overflow
6593| [29550] Apache mod_tcl set_var() format string
6594| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
6595| [28357] Apache HTTP Server mod_alias script source information disclosure
6596| [28063] Apache mod_rewrite off-by-one buffer overflow
6597| [27902] Apache Tomcat URL information disclosure
6598| [26786] Apache James SMTP server denial of service
6599| [25680] libapache2 /tmp/svn file upload
6600| [25614] Apache Struts lookupMap cross-site scripting
6601| [25613] Apache Struts ActionForm denial of service
6602| [25612] Apache Struts isCancelled() security bypass
6603| [24965] Apache mod_python FileSession command execution
6604| [24716] Apache James spooler memory leak denial of service
6605| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
6606| [24158] Apache Geronimo jsp-examples cross-site scripting
6607| [24030] Apache auth_ldap module multiple format strings
6608| [24008] Apache mod_ssl custom error message denial of service
6609| [24003] Apache mod_auth_pgsql module multiple syslog format strings
6610| [23612] Apache mod_imap referer field cross-site scripting
6611| [23173] Apache Struts error message cross-site scripting
6612| [22942] Apache Tomcat directory listing denial of service
6613| [22858] Apache Multi-Processing Module code allows denial of service
6614| [22602] RHSA-2005:582 updates for Apache httpd not installed
6615| [22520] Apache mod-auth-shadow "
6616| [22466] ApacheTop symlink
6617| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
6618| [22006] Apache HTTP Server byte-range filter denial of service
6619| [21567] Apache mod_ssl off-by-one buffer overflow
6620| [21195] Apache HTTP Server header HTTP request smuggling
6621| [20383] Apache HTTP Server htdigest buffer overflow
6622| [19681] Apache Tomcat AJP12 request denial of service
6623| [18993] Apache HTTP server check_forensic symlink attack
6624| [18790] Apache Tomcat Manager cross-site scripting
6625| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
6626| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
6627| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
6628| [17961] Apache Web server ServerTokens has not been set
6629| [17930] Apache HTTP Server HTTP GET request denial of service
6630| [17785] Apache mod_include module buffer overflow
6631| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
6632| [17473] Apache HTTP Server Satisfy directive allows access to resources
6633| [17413] Apache htpasswd buffer overflow
6634| [17384] Apache HTTP Server environment variable configuration file buffer overflow
6635| [17382] Apache HTTP Server IPv6 apr_util denial of service
6636| [17366] Apache HTTP Server mod_dav module LOCK denial of service
6637| [17273] Apache HTTP Server speculative mode denial of service
6638| [17200] Apache HTTP Server mod_ssl denial of service
6639| [16890] Apache HTTP Server server-info request has been detected
6640| [16889] Apache HTTP Server server-status request has been detected
6641| [16705] Apache mod_ssl format string attack
6642| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
6643| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
6644| [16230] Apache HTTP Server PHP denial of service
6645| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
6646| [15958] Apache HTTP Server authentication modules memory corruption
6647| [15547] Apache HTTP Server mod_disk_cache local information disclosure
6648| [15540] Apache HTTP Server socket starvation denial of service
6649| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
6650| [15422] Apache HTTP Server mod_access information disclosure
6651| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
6652| [15293] Apache for Cygwin "
6653| [15065] Apache-SSL has a default password
6654| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
6655| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
6656| [14751] Apache Mod_python output filter information disclosure
6657| [14125] Apache HTTP Server mod_userdir module information disclosure
6658| [14075] Apache HTTP Server mod_php file descriptor leak
6659| [13703] Apache HTTP Server account
6660| [13689] Apache HTTP Server configuration allows symlinks
6661| [13688] Apache HTTP Server configuration allows SSI
6662| [13687] Apache HTTP Server Server: header value
6663| [13685] Apache HTTP Server ServerTokens value
6664| [13684] Apache HTTP Server ServerSignature value
6665| [13672] Apache HTTP Server config allows directory autoindexing
6666| [13671] Apache HTTP Server default content
6667| [13670] Apache HTTP Server config file directive references outside content root
6668| [13668] Apache HTTP Server httpd not running in chroot environment
6669| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
6670| [13664] Apache HTTP Server config file contains ScriptAlias entry
6671| [13663] Apache HTTP Server CGI support modules loaded
6672| [13661] Apache HTTP Server config file contains AddHandler entry
6673| [13660] Apache HTTP Server 500 error page not CGI script
6674| [13659] Apache HTTP Server 413 error page not CGI script
6675| [13658] Apache HTTP Server 403 error page not CGI script
6676| [13657] Apache HTTP Server 401 error page not CGI script
6677| [13552] Apache HTTP Server mod_cgid module information disclosure
6678| [13550] Apache GET request directory traversal
6679| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
6680| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
6681| [13429] Apache Tomcat non-HTTP request denial of service
6682| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
6683| [13295] Apache weak password encryption
6684| [13254] Apache Tomcat .jsp cross-site scripting
6685| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
6686| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
6687| [12681] Apache HTTP Server mod_proxy could allow mail relaying
6688| [12662] Apache HTTP Server rotatelogs denial of service
6689| [12554] Apache Tomcat stores password in plain text
6690| [12553] Apache HTTP Server redirects and subrequests denial of service
6691| [12552] Apache HTTP Server FTP proxy server denial of service
6692| [12551] Apache HTTP Server prefork MPM denial of service
6693| [12550] Apache HTTP Server weaker than expected encryption
6694| [12549] Apache HTTP Server type-map file denial of service
6695| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
6696| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
6697| [12091] Apache HTTP Server apr_password_validate denial of service
6698| [12090] Apache HTTP Server apr_psprintf code execution
6699| [11804] Apache HTTP Server mod_access_referer denial of service
6700| [11750] Apache HTTP Server could leak sensitive file descriptors
6701| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
6702| [11703] Apache long slash path allows directory listing
6703| [11695] Apache HTTP Server LF (Line Feed) denial of service
6704| [11694] Apache HTTP Server filestat.c denial of service
6705| [11438] Apache HTTP Server MIME message boundaries information disclosure
6706| [11412] Apache HTTP Server error log terminal escape sequence injection
6707| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
6708| [11195] Apache Tomcat web.xml could be used to read files
6709| [11194] Apache Tomcat URL appended with a null character could list directories
6710| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
6711| [11126] Apache HTTP Server illegal character file disclosure
6712| [11125] Apache HTTP Server DOS device name HTTP POST code execution
6713| [11124] Apache HTTP Server DOS device name denial of service
6714| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
6715| [10938] Apache HTTP Server printenv test CGI cross-site scripting
6716| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
6717| [10575] Apache mod_php module could allow an attacker to take over the httpd process
6718| [10499] Apache HTTP Server WebDAV HTTP POST view source
6719| [10457] Apache HTTP Server mod_ssl "
6720| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
6721| [10414] Apache HTTP Server htdigest multiple buffer overflows
6722| [10413] Apache HTTP Server htdigest temporary file race condition
6723| [10412] Apache HTTP Server htpasswd temporary file race condition
6724| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
6725| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
6726| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
6727| [10280] Apache HTTP Server shared memory scorecard overwrite
6728| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
6729| [10241] Apache HTTP Server Host: header cross-site scripting
6730| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
6731| [10208] Apache HTTP Server mod_dav denial of service
6732| [10206] HP VVOS Apache mod_ssl denial of service
6733| [10200] Apache HTTP Server stderr denial of service
6734| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
6735| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
6736| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
6737| [10098] Slapper worm targets OpenSSL/Apache systems
6738| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
6739| [9875] Apache HTTP Server .var file request could disclose installation path
6740| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
6741| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
6742| [9623] Apache HTTP Server ap_log_rerror() path disclosure
6743| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
6744| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
6745| [9396] Apache Tomcat null character to threads denial of service
6746| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
6747| [9249] Apache HTTP Server chunked encoding heap buffer overflow
6748| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
6749| [8932] Apache Tomcat example class information disclosure
6750| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
6751| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
6752| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
6753| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
6754| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
6755| [8400] Apache HTTP Server mod_frontpage buffer overflows
6756| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
6757| [8308] Apache "
6758| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
6759| [8119] Apache and PHP OPTIONS request reveals "
6760| [8054] Apache is running on the system
6761| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
6762| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
6763| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
6764| [7836] Apache HTTP Server log directory denial of service
6765| [7815] Apache for Windows "
6766| [7810] Apache HTTP request could result in unexpected behavior
6767| [7599] Apache Tomcat reveals installation path
6768| [7494] Apache "
6769| [7419] Apache Web Server could allow remote attackers to overwrite .log files
6770| [7363] Apache Web Server hidden HTTP requests
6771| [7249] Apache mod_proxy denial of service
6772| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
6773| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
6774| [7059] Apache "
6775| [7057] Apache "
6776| [7056] Apache "
6777| [7055] Apache "
6778| [7054] Apache "
6779| [6997] Apache Jakarta Tomcat error message may reveal information
6780| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
6781| [6970] Apache crafted HTTP request could reveal the internal IP address
6782| [6921] Apache long slash path allows directory listing
6783| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
6784| [6527] Apache Web Server for Windows and OS2 denial of service
6785| [6316] Apache Jakarta Tomcat may reveal JSP source code
6786| [6305] Apache Jakarta Tomcat directory traversal
6787| [5926] Linux Apache symbolic link
6788| [5659] Apache Web server discloses files when used with php script
6789| [5310] Apache mod_rewrite allows attacker to view arbitrary files
6790| [5204] Apache WebDAV directory listings
6791| [5197] Apache Web server reveals CGI script source code
6792| [5160] Apache Jakarta Tomcat default installation
6793| [5099] Trustix Secure Linux installs Apache with world writable access
6794| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
6795| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
6796| [4931] Apache source.asp example file allows users to write to files
6797| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
6798| [4205] Apache Jakarta Tomcat delivers file contents
6799| [2084] Apache on Debian by default serves the /usr/doc directory
6800| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
6801| [697] Apache HTTP server beck exploit
6802| [331] Apache cookies buffer overflow
6803|
6804| Exploit-DB - https://www.exploit-db.com:
6805| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
6806| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6807| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6808| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
6809| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
6810| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
6811| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
6812| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
6813| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
6814| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6815| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
6816| [29859] Apache Roller OGNL Injection
6817| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
6818| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
6819| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
6820| [29290] Apache / PHP 5.x Remote Code Execution Exploit
6821| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
6822| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
6823| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
6824| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
6825| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
6826| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
6827| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
6828| [27096] Apache Geronimo 1.0 Error Page XSS
6829| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
6830| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
6831| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
6832| [25986] Plesk Apache Zeroday Remote Exploit
6833| [25980] Apache Struts includeParams Remote Code Execution
6834| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
6835| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
6836| [24874] Apache Struts ParametersInterceptor Remote Code Execution
6837| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
6838| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
6839| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
6840| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
6841| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
6842| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
6843| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
6844| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
6845| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
6846| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
6847| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
6848| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
6849| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
6850| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
6851| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
6852| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
6853| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6854| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
6855| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
6856| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6857| [21719] Apache 2.0 Path Disclosure Vulnerability
6858| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6859| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
6860| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
6861| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
6862| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
6863| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
6864| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
6865| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
6866| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
6867| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
6868| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
6869| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
6870| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
6871| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
6872| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
6873| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
6874| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
6875| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
6876| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
6877| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
6878| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
6879| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
6880| [20558] Apache 1.2 Web Server DoS Vulnerability
6881| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
6882| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
6883| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
6884| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
6885| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
6886| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
6887| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
6888| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
6889| [19231] PHP apache_request_headers Function Buffer Overflow
6890| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
6891| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
6892| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
6893| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
6894| [18442] Apache httpOnly Cookie Disclosure
6895| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
6896| [18221] Apache HTTP Server Denial of Service
6897| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
6898| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
6899| [17691] Apache Struts < 2.2.0 - Remote Command Execution
6900| [16798] Apache mod_jk 1.2.20 Buffer Overflow
6901| [16782] Apache Win32 Chunked Encoding
6902| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
6903| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
6904| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
6905| [15319] Apache 2.2 (Windows) Local Denial of Service
6906| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
6907| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6908| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
6909| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
6910| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
6911| [12330] Apache OFBiz - Multiple XSS
6912| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
6913| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
6914| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
6915| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
6916| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
6917| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
6918| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
6919| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6920| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6921| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
6922| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
6923| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
6924| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6925| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
6926| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
6927| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
6928| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
6929| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
6930| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
6931| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
6932| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
6933| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
6934| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
6935| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
6936| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
6937| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
6938| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
6939| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
6940| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
6941| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
6942| [466] htpasswd Apache 1.3.31 - Local Exploit
6943| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
6944| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
6945| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
6946| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
6947| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
6948| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
6949| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
6950| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
6951| [9] Apache HTTP Server 2.x Memory Leak Exploit
6952|
6953| OpenVAS (Nessus) - http://www.openvas.org:
6954| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
6955| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
6956| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
6957| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
6958| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
6959| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
6960| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
6961| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
6962| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
6963| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
6964| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
6965| [900571] Apache APR-Utils Version Detection
6966| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
6967| [900496] Apache Tiles Multiple XSS Vulnerability
6968| [900493] Apache Tiles Version Detection
6969| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
6970| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
6971| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
6972| [870175] RedHat Update for apache RHSA-2008:0004-01
6973| [864591] Fedora Update for apache-poi FEDORA-2012-10835
6974| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
6975| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
6976| [864250] Fedora Update for apache-poi FEDORA-2012-7683
6977| [864249] Fedora Update for apache-poi FEDORA-2012-7686
6978| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
6979| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
6980| [855821] Solaris Update for Apache 1.3 122912-19
6981| [855812] Solaris Update for Apache 1.3 122911-19
6982| [855737] Solaris Update for Apache 1.3 122911-17
6983| [855731] Solaris Update for Apache 1.3 122912-17
6984| [855695] Solaris Update for Apache 1.3 122911-16
6985| [855645] Solaris Update for Apache 1.3 122912-16
6986| [855587] Solaris Update for kernel update and Apache 108529-29
6987| [855566] Solaris Update for Apache 116973-07
6988| [855531] Solaris Update for Apache 116974-07
6989| [855524] Solaris Update for Apache 2 120544-14
6990| [855494] Solaris Update for Apache 1.3 122911-15
6991| [855478] Solaris Update for Apache Security 114145-11
6992| [855472] Solaris Update for Apache Security 113146-12
6993| [855179] Solaris Update for Apache 1.3 122912-15
6994| [855147] Solaris Update for kernel update and Apache 108528-29
6995| [855077] Solaris Update for Apache 2 120543-14
6996| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
6997| [850088] SuSE Update for apache2 SUSE-SA:2007:061
6998| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
6999| [841209] Ubuntu Update for apache2 USN-1627-1
7000| [840900] Ubuntu Update for apache2 USN-1368-1
7001| [840798] Ubuntu Update for apache2 USN-1259-1
7002| [840734] Ubuntu Update for apache2 USN-1199-1
7003| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
7004| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
7005| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
7006| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
7007| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
7008| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
7009| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
7010| [835253] HP-UX Update for Apache Web Server HPSBUX02645
7011| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
7012| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
7013| [835236] HP-UX Update for Apache with PHP HPSBUX02543
7014| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
7015| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
7016| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
7017| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
7018| [835188] HP-UX Update for Apache HPSBUX02308
7019| [835181] HP-UX Update for Apache With PHP HPSBUX02332
7020| [835180] HP-UX Update for Apache with PHP HPSBUX02342
7021| [835172] HP-UX Update for Apache HPSBUX02365
7022| [835168] HP-UX Update for Apache HPSBUX02313
7023| [835148] HP-UX Update for Apache HPSBUX01064
7024| [835139] HP-UX Update for Apache with PHP HPSBUX01090
7025| [835131] HP-UX Update for Apache HPSBUX00256
7026| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
7027| [835104] HP-UX Update for Apache HPSBUX00224
7028| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
7029| [835101] HP-UX Update for Apache HPSBUX01232
7030| [835080] HP-UX Update for Apache HPSBUX02273
7031| [835078] HP-UX Update for ApacheStrong HPSBUX00255
7032| [835044] HP-UX Update for Apache HPSBUX01019
7033| [835040] HP-UX Update for Apache PHP HPSBUX00207
7034| [835025] HP-UX Update for Apache HPSBUX00197
7035| [835023] HP-UX Update for Apache HPSBUX01022
7036| [835022] HP-UX Update for Apache HPSBUX02292
7037| [835005] HP-UX Update for Apache HPSBUX02262
7038| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
7039| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
7040| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
7041| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
7042| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
7043| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
7044| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
7045| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
7046| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
7047| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
7048| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
7049| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
7050| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
7051| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
7052| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
7053| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
7054| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
7055| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
7056| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
7057| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
7058| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
7059| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
7060| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
7061| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
7062| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
7063| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
7064| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
7065| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
7066| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
7067| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
7068| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
7069| [801942] Apache Archiva Multiple Vulnerabilities
7070| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
7071| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
7072| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
7073| [801284] Apache Derby Information Disclosure Vulnerability
7074| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
7075| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
7076| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
7077| [800680] Apache APR Version Detection
7078| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
7079| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
7080| [800677] Apache Roller Version Detection
7081| [800279] Apache mod_jk Module Version Detection
7082| [800278] Apache Struts Cross Site Scripting Vulnerability
7083| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
7084| [800276] Apache Struts Version Detection
7085| [800271] Apache Struts Directory Traversal Vulnerability
7086| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
7087| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
7088| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
7089| [103122] Apache Web Server ETag Header Information Disclosure Weakness
7090| [103074] Apache Continuum Cross Site Scripting Vulnerability
7091| [103073] Apache Continuum Detection
7092| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
7093| [101023] Apache Open For Business Weak Password security check
7094| [101020] Apache Open For Business HTML injection vulnerability
7095| [101019] Apache Open For Business service detection
7096| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
7097| [100923] Apache Archiva Detection
7098| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
7099| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
7100| [100813] Apache Axis2 Detection
7101| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
7102| [100795] Apache Derby Detection
7103| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
7104| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
7105| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
7106| [100514] Apache Multiple Security Vulnerabilities
7107| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
7108| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
7109| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
7110| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7111| [72626] Debian Security Advisory DSA 2579-1 (apache2)
7112| [72612] FreeBSD Ports: apache22
7113| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
7114| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
7115| [71512] FreeBSD Ports: apache
7116| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
7117| [71256] Debian Security Advisory DSA 2452-1 (apache2)
7118| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
7119| [70737] FreeBSD Ports: apache
7120| [70724] Debian Security Advisory DSA 2405-1 (apache2)
7121| [70600] FreeBSD Ports: apache
7122| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
7123| [70235] Debian Security Advisory DSA 2298-2 (apache2)
7124| [70233] Debian Security Advisory DSA 2298-1 (apache2)
7125| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
7126| [69338] Debian Security Advisory DSA 2202-1 (apache2)
7127| [67868] FreeBSD Ports: apache
7128| [66816] FreeBSD Ports: apache
7129| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
7130| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
7131| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
7132| [66081] SLES11: Security update for Apache 2
7133| [66074] SLES10: Security update for Apache 2
7134| [66070] SLES9: Security update for Apache 2
7135| [65998] SLES10: Security update for apache2-mod_python
7136| [65893] SLES10: Security update for Apache 2
7137| [65888] SLES10: Security update for Apache 2
7138| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
7139| [65510] SLES9: Security update for Apache 2
7140| [65472] SLES9: Security update for Apache
7141| [65467] SLES9: Security update for Apache
7142| [65450] SLES9: Security update for apache2
7143| [65390] SLES9: Security update for Apache2
7144| [65363] SLES9: Security update for Apache2
7145| [65309] SLES9: Security update for Apache and mod_ssl
7146| [65296] SLES9: Security update for webdav apache module
7147| [65283] SLES9: Security update for Apache2
7148| [65249] SLES9: Security update for Apache 2
7149| [65230] SLES9: Security update for Apache 2
7150| [65228] SLES9: Security update for Apache 2
7151| [65212] SLES9: Security update for apache2-mod_python
7152| [65209] SLES9: Security update for apache2-worker
7153| [65207] SLES9: Security update for Apache 2
7154| [65168] SLES9: Security update for apache2-mod_python
7155| [65142] SLES9: Security update for Apache2
7156| [65136] SLES9: Security update for Apache 2
7157| [65132] SLES9: Security update for apache
7158| [65131] SLES9: Security update for Apache 2 oes/CORE
7159| [65113] SLES9: Security update for apache2
7160| [65072] SLES9: Security update for apache and mod_ssl
7161| [65017] SLES9: Security update for Apache 2
7162| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
7163| [64783] FreeBSD Ports: apache
7164| [64774] Ubuntu USN-802-2 (apache2)
7165| [64653] Ubuntu USN-813-2 (apache2)
7166| [64559] Debian Security Advisory DSA 1834-2 (apache2)
7167| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
7168| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
7169| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
7170| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
7171| [64443] Ubuntu USN-802-1 (apache2)
7172| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
7173| [64423] Debian Security Advisory DSA 1834-1 (apache2)
7174| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
7175| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
7176| [64251] Debian Security Advisory DSA 1816-1 (apache2)
7177| [64201] Ubuntu USN-787-1 (apache2)
7178| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
7179| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
7180| [63565] FreeBSD Ports: apache
7181| [63562] Ubuntu USN-731-1 (apache2)
7182| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
7183| [61185] FreeBSD Ports: apache
7184| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
7185| [60387] Slackware Advisory SSA:2008-045-02 apache
7186| [58826] FreeBSD Ports: apache-tomcat
7187| [58825] FreeBSD Ports: apache-tomcat
7188| [58804] FreeBSD Ports: apache
7189| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
7190| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
7191| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
7192| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
7193| [57335] Debian Security Advisory DSA 1167-1 (apache)
7194| [57201] Debian Security Advisory DSA 1131-1 (apache)
7195| [57200] Debian Security Advisory DSA 1132-1 (apache2)
7196| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
7197| [57145] FreeBSD Ports: apache
7198| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
7199| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
7200| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
7201| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
7202| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
7203| [56067] FreeBSD Ports: apache
7204| [55803] Slackware Advisory SSA:2005-310-04 apache
7205| [55519] Debian Security Advisory DSA 839-1 (apachetop)
7206| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
7207| [55355] FreeBSD Ports: apache
7208| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
7209| [55261] Debian Security Advisory DSA 805-1 (apache2)
7210| [55259] Debian Security Advisory DSA 803-1 (apache)
7211| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
7212| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
7213| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
7214| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
7215| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
7216| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
7217| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
7218| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
7219| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
7220| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
7221| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
7222| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
7223| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
7224| [54439] FreeBSD Ports: apache
7225| [53931] Slackware Advisory SSA:2004-133-01 apache
7226| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
7227| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
7228| [53878] Slackware Advisory SSA:2003-308-01 apache security update
7229| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
7230| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
7231| [53848] Debian Security Advisory DSA 131-1 (apache)
7232| [53784] Debian Security Advisory DSA 021-1 (apache)
7233| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
7234| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
7235| [53735] Debian Security Advisory DSA 187-1 (apache)
7236| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
7237| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
7238| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
7239| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
7240| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
7241| [53282] Debian Security Advisory DSA 594-1 (apache)
7242| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
7243| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
7244| [53215] Debian Security Advisory DSA 525-1 (apache)
7245| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
7246| [52529] FreeBSD Ports: apache+ssl
7247| [52501] FreeBSD Ports: apache
7248| [52461] FreeBSD Ports: apache
7249| [52390] FreeBSD Ports: apache
7250| [52389] FreeBSD Ports: apache
7251| [52388] FreeBSD Ports: apache
7252| [52383] FreeBSD Ports: apache
7253| [52339] FreeBSD Ports: apache+mod_ssl
7254| [52331] FreeBSD Ports: apache
7255| [52329] FreeBSD Ports: ru-apache+mod_ssl
7256| [52314] FreeBSD Ports: apache
7257| [52310] FreeBSD Ports: apache
7258| [15588] Detect Apache HTTPS
7259| [15555] Apache mod_proxy content-length buffer overflow
7260| [15554] Apache mod_include priviledge escalation
7261| [14771] Apache <= 1.3.33 htpasswd local overflow
7262| [14177] Apache mod_access rule bypass
7263| [13644] Apache mod_rootme Backdoor
7264| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
7265| [12280] Apache Connection Blocking Denial of Service
7266| [12239] Apache Error Log Escape Sequence Injection
7267| [12123] Apache Tomcat source.jsp malformed request information disclosure
7268| [12085] Apache Tomcat servlet/JSP container default files
7269| [11438] Apache Tomcat Directory Listing and File disclosure
7270| [11204] Apache Tomcat Default Accounts
7271| [11092] Apache 2.0.39 Win32 directory traversal
7272| [11046] Apache Tomcat TroubleShooter Servlet Installed
7273| [11042] Apache Tomcat DOS Device Name XSS
7274| [11041] Apache Tomcat /servlet Cross Site Scripting
7275| [10938] Apache Remote Command Execution via .bat files
7276| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
7277| [10773] MacOS X Finder reveals contents of Apache Web files
7278| [10766] Apache UserDir Sensitive Information Disclosure
7279| [10756] MacOS X Finder reveals contents of Apache Web directories
7280| [10752] Apache Auth Module SQL Insertion Attack
7281| [10704] Apache Directory Listing
7282| [10678] Apache /server-info accessible
7283| [10677] Apache /server-status accessible
7284| [10440] Check for Apache Multiple / vulnerability
7285|
7286| SecurityTracker - https://www.securitytracker.com:
7287| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
7288| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
7289| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
7290| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
7291| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7292| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7293| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
7294| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
7295| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
7296| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
7297| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
7298| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
7299| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
7300| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
7301| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
7302| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
7303| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
7304| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
7305| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
7306| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
7307| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
7308| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
7309| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
7310| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7311| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
7312| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7313| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7314| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
7315| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
7316| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
7317| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
7318| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
7319| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
7320| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
7321| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
7322| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
7323| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
7324| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
7325| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
7326| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
7327| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
7328| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
7329| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
7330| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
7331| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
7332| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
7333| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7334| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
7335| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
7336| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
7337| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
7338| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
7339| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
7340| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
7341| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
7342| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
7343| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
7344| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
7345| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
7346| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
7347| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
7348| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
7349| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
7350| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
7351| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
7352| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
7353| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
7354| [1024096] Apache mod_proxy_http May Return Results for a Different Request
7355| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
7356| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
7357| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
7358| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
7359| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
7360| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
7361| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
7362| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
7363| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
7364| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
7365| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
7366| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
7367| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
7368| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7369| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
7370| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
7371| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
7372| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
7373| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
7374| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7375| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
7376| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
7377| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
7378| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
7379| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
7380| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
7381| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
7382| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
7383| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
7384| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
7385| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
7386| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
7387| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
7388| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
7389| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
7390| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
7391| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
7392| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
7393| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
7394| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
7395| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
7396| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
7397| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
7398| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
7399| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
7400| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
7401| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
7402| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
7403| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
7404| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
7405| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
7406| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
7407| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
7408| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
7409| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
7410| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
7411| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
7412| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
7413| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
7414| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
7415| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
7416| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
7417| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
7418| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
7419| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
7420| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
7421| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
7422| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
7423| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
7424| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
7425| [1008920] Apache mod_digest May Validate Replayed Client Responses
7426| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
7427| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
7428| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
7429| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
7430| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
7431| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
7432| [1008030] Apache mod_rewrite Contains a Buffer Overflow
7433| [1008029] Apache mod_alias Contains a Buffer Overflow
7434| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
7435| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
7436| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
7437| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
7438| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
7439| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
7440| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
7441| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
7442| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
7443| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
7444| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
7445| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
7446| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
7447| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
7448| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
7449| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
7450| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
7451| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
7452| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
7453| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
7454| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
7455| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
7456| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
7457| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
7458| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
7459| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
7460| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
7461| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
7462| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
7463| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
7464| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
7465| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
7466| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
7467| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
7468| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
7469| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
7470| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
7471| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
7472| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7473| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7474| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
7475| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
7476| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
7477| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
7478| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
7479| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
7480| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
7481| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
7482| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
7483| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
7484| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
7485| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
7486| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
7487| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
7488| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
7489| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
7490|
7491| OSVDB - http://www.osvdb.org:
7492| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
7493| [96077] Apache CloudStack Global Settings Multiple Field XSS
7494| [96076] Apache CloudStack Instances Menu Display Name Field XSS
7495| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
7496| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
7497| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
7498| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
7499| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
7500| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
7501| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
7502| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
7503| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
7504| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7505| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
7506| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
7507| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
7508| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
7509| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7510| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
7511| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
7512| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
7513| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
7514| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
7515| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
7516| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
7517| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
7518| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
7519| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
7520| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
7521| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
7522| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
7523| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
7524| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
7525| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
7526| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
7527| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
7528| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
7529| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
7530| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
7531| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
7532| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
7533| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
7534| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
7535| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
7536| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
7537| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
7538| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
7539| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
7540| [94279] Apache Qpid CA Certificate Validation Bypass
7541| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
7542| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
7543| [94042] Apache Axis JAX-WS Java Unspecified Exposure
7544| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
7545| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
7546| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
7547| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
7548| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
7549| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
7550| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
7551| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
7552| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
7553| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
7554| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
7555| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
7556| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
7557| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
7558| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
7559| [93541] Apache Solr json.wrf Callback XSS
7560| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
7561| [93521] Apache jUDDI Security API Token Session Persistence Weakness
7562| [93520] Apache CloudStack Default SSL Key Weakness
7563| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
7564| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
7565| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
7566| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
7567| [93515] Apache HBase table.jsp name Parameter XSS
7568| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
7569| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
7570| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
7571| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
7572| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
7573| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
7574| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
7575| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
7576| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
7577| [93252] Apache Tomcat FORM Authenticator Session Fixation
7578| [93172] Apache Camel camel/endpoints/ Endpoint XSS
7579| [93171] Apache Sling HtmlResponse Error Message XSS
7580| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
7581| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
7582| [93168] Apache Click ErrorReport.java id Parameter XSS
7583| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
7584| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
7585| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
7586| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
7587| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
7588| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
7589| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
7590| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
7591| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
7592| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
7593| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
7594| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
7595| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
7596| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
7597| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
7598| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
7599| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
7600| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
7601| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
7602| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
7603| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
7604| [93144] Apache Solr Admin Command Execution CSRF
7605| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
7606| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
7607| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
7608| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
7609| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
7610| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
7611| [92748] Apache CloudStack VM Console Access Restriction Bypass
7612| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
7613| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
7614| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
7615| [92706] Apache ActiveMQ Debug Log Rendering XSS
7616| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
7617| [92270] Apache Tomcat Unspecified CSRF
7618| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
7619| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
7620| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
7621| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
7622| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
7623| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
7624| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
7625| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
7626| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
7627| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
7628| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
7629| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
7630| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
7631| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
7632| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
7633| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
7634| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
7635| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
7636| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
7637| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
7638| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
7639| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
7640| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
7641| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
7642| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
7643| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
7644| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
7645| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
7646| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
7647| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
7648| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
7649| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
7650| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
7651| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
7652| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
7653| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
7654| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
7655| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
7656| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
7657| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
7658| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
7659| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
7660| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
7661| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
7662| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
7663| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
7664| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
7665| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
7666| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
7667| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
7668| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
7669| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
7670| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
7671| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
7672| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
7673| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
7674| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
7675| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
7676| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
7677| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
7678| [86901] Apache Tomcat Error Message Path Disclosure
7679| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
7680| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
7681| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
7682| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
7683| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
7684| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
7685| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
7686| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
7687| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
7688| [85430] Apache mod_pagespeed Module Unspecified XSS
7689| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
7690| [85249] Apache Wicket Unspecified XSS
7691| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
7692| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
7693| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
7694| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
7695| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
7696| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
7697| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
7698| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
7699| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
7700| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
7701| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
7702| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
7703| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
7704| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
7705| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
7706| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
7707| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
7708| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
7709| [83339] Apache Roller Blogger Roll Unspecified XSS
7710| [83270] Apache Roller Unspecified Admin Action CSRF
7711| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
7712| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
7713| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
7714| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
7715| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
7716| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
7717| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
7718| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
7719| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
7720| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
7721| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
7722| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
7723| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
7724| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
7725| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
7726| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
7727| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
7728| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
7729| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
7730| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
7731| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
7732| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
7733| [80300] Apache Wicket wicket:pageMapName Parameter XSS
7734| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
7735| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
7736| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
7737| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
7738| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
7739| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
7740| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
7741| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
7742| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
7743| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
7744| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
7745| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
7746| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
7747| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
7748| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
7749| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
7750| [78331] Apache Tomcat Request Object Recycling Information Disclosure
7751| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
7752| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
7753| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
7754| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
7755| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
7756| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
7757| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
7758| [77593] Apache Struts Conversion Error OGNL Expression Injection
7759| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
7760| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
7761| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
7762| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
7763| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
7764| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
7765| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
7766| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
7767| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
7768| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
7769| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
7770| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
7771| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
7772| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
7773| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
7774| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
7775| [74725] Apache Wicket Multi Window Support Unspecified XSS
7776| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
7777| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
7778| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
7779| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
7780| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
7781| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
7782| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
7783| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
7784| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
7785| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
7786| [73644] Apache XML Security Signature Key Parsing Overflow DoS
7787| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
7788| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
7789| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
7790| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
7791| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
7792| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
7793| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
7794| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
7795| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
7796| [73154] Apache Archiva Multiple Unspecified CSRF
7797| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
7798| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
7799| [72238] Apache Struts Action / Method Names <
7800| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
7801| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
7802| [71557] Apache Tomcat HTML Manager Multiple XSS
7803| [71075] Apache Archiva User Management Page XSS
7804| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
7805| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
7806| [70924] Apache Continuum Multiple Admin Function CSRF
7807| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
7808| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
7809| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
7810| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
7811| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
7812| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
7813| [69520] Apache Archiva Administrator Credential Manipulation CSRF
7814| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
7815| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
7816| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
7817| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
7818| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
7819| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
7820| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
7821| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
7822| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
7823| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
7824| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
7825| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
7826| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
7827| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
7828| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
7829| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
7830| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
7831| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
7832| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
7833| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
7834| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
7835| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
7836| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
7837| [65054] Apache ActiveMQ Jetty Error Handler XSS
7838| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
7839| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
7840| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
7841| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
7842| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
7843| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
7844| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
7845| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
7846| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
7847| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
7848| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
7849| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
7850| [63895] Apache HTTP Server mod_headers Unspecified Issue
7851| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
7852| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
7853| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
7854| [63140] Apache Thrift Service Malformed Data Remote DoS
7855| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
7856| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
7857| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
7858| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
7859| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
7860| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
7861| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
7862| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
7863| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
7864| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
7865| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
7866| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
7867| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
7868| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
7869| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
7870| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
7871| [60678] Apache Roller Comment Email Notification Manipulation DoS
7872| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
7873| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
7874| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
8319| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
8320| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
8321| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
8322| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
8323| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
8324| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
8325| [9717] Apache HTTP Server mod_cookies Cookie Overflow
8326| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
8327| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
8328| [9714] Apache Authentication Module Threaded MPM DoS
8329| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
8330| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
8331| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
8332| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
8333| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
8334| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
8335| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
8336| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
8337| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
8338| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
8339| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
8340| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
8341| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
8342| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
8343| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
8344| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
8345| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
8346| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
8347| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
8348| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
8349| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
8350| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
8351| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
8352| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
8353| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
8354| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
8355| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
8356| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
8357| [9208] Apache Tomcat .jsp Encoded Newline XSS
8358| [9204] Apache Tomcat ROOT Application XSS
8359| [9203] Apache Tomcat examples Application XSS
8360| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
8361| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
8362| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
8363| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
8364| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
8365| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
8366| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
8367| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
8368| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
8369| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
8370| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
8371| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
8372| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
8373| [7611] Apache HTTP Server mod_alias Local Overflow
8374| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
8375| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
8376| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
8377| [6882] Apache mod_python Malformed Query String Variant DoS
8378| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
8379| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
8380| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
8381| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
8382| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
8383| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
8384| [5526] Apache Tomcat Long .JSP URI Path Disclosure
8385| [5278] Apache Tomcat web.xml Restriction Bypass
8386| [5051] Apache Tomcat Null Character DoS
8387| [4973] Apache Tomcat servlet Mapping XSS
8388| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
8389| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
8390| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
8391| [4568] mod_survey For Apache ENV Tags SQL Injection
8392| [4553] Apache HTTP Server ApacheBench Overflow DoS
8393| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
8394| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
8395| [4383] Apache HTTP Server Socket Race Condition DoS
8396| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
8397| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
8398| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
8399| [4231] Apache Cocoon Error Page Server Path Disclosure
8400| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
8401| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
8402| [4075] Apache HTTP Server on Windows .var File Request Path Disclosure
8403| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
8404| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
8405| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
8406| [3322] mod_php for Apache HTTP Server Process Hijack
8407| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
8408| [2885] Apache mod_python Malformed Query String DoS
8409| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
8410| [2733] Apache HTTP Server mod_rewrite Local Overflow
8411| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
8412| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
8413| [2149] Apache::Gallery Privilege Escalation
8414| [2107] Apache HTTP Server mod_ssl Host: Header XSS
8415| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
8416| [1833] Apache HTTP Server Multiple Slash GET Request DoS
8417| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
8418| [872] Apache Tomcat Multiple Default Accounts
8419| [862] Apache HTTP Server SSI Error Page XSS
8420| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
8421| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
8422| [845] Apache Tomcat MSDOS Device XSS
8423| [844] Apache Tomcat Java Servlet Error Page XSS
8424| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
8425| [838] Apache HTTP Server Chunked Encoding Remote Overflow
8426| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
8427| [775] Apache mod_python Module Importing Privilege Function Execution
8428| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
8429| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
8430| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
8431| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
8432| [637] Apache HTTP Server UserDir Directive Username Enumeration
8433| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
8434| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
8435| [562] Apache HTTP Server mod_info /server-info Information Disclosure
8436| [561] Apache Web Servers mod_status /server-status Information Disclosure
8437| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
8438| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
8439| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
8440| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
8441| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
8442| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
8443| [376] Apache Tomcat contextAdmin Arbitrary File Access
8444| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
8445| [222] Apache HTTP Server test-cgi Arbitrary File Access
8446| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
8447| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
8448|_
110/tcp open pop3 Dovecot pop3d
8450| vulscan: VulDB - https://vuldb.com:
8451| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
8452| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
8453| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
8454| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
8455| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
8456| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
8457| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
8458| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
8459| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
8460| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
8461| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
8462| [69835] Dovecot 2.2.0/2.2.1 denial of service
8463| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
8464| [65684] Dovecot up to 2.2.6 unknown vulnerability
8465| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
8466| [63692] Dovecot up to 2.0.15 spoofing
8467| [7062] Dovecot 2.1.10 mail-search.c denial of service
8468| [57517] Dovecot up to 2.0.12 Login directory traversal
8469| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
8470| [57515] Dovecot up to 2.0.12 Crash denial of service
8471| [54944] Dovecot up to 1.2.14 denial of service
8472| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
8473| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
8474| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
8475| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
8476| [53277] Dovecot up to 1.2.10 denial of service
8477| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
8478| [45256] Dovecot up to 1.1.5 directory traversal
8479| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
8480| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8481| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8482| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
8483| [40356] Dovecot 1.0.9 Cache unknown vulnerability
8484| [38222] Dovecot 1.0.2 directory traversal
8485| [36376] Dovecot up to 1.0.x directory traversal
8486| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
8487|
8488| MITRE CVE - https://cve.mitre.org:
8489| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
8490| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
8491| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
8492| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
8493| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
8494| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
8495| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
8496| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8497| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8498| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
8499| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
8500| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
8501| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
8502| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
8503| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
8504| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
8505| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
8506| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
8507| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
8508| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
8509| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
8510| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
8511| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
8512| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
8513| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
8514| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
8515| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
8516| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
8517| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
8518| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
8519| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
8520| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
8521| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
8522| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
8523| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
8524| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
8525| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
8526|
8527| SecurityFocus - https://www.securityfocus.com/bid/:
8528| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
8529| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
8530| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
8531| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
8532| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
8533| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
8534| [67306] Dovecot Denial of Service Vulnerability
8535| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
8536| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
8537| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
8538| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
8539| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
8540| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
8541| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
8542| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
8543| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
8544| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
8545| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
8546| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
8547| [39838] tpop3d Remote Denial of Service Vulnerability
8548| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
8549| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
8550| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
8551| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
8552| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
8553| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
8554| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
8555| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
8556| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
8557| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
8558| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
8559| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
8560| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
8561| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
8562| [17961] Dovecot Remote Information Disclosure Vulnerability
8563| [16672] Dovecot Double Free Denial of Service Vulnerability
8564| [8495] akpop3d User Name SQL Injection Vulnerability
8565| [8473] Vpop3d Remote Denial Of Service Vulnerability
8566| [3990] ZPop3D Bad Login Logging Failure Vulnerability
8567| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
8568|
8569| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8570| [86382] Dovecot POP3 Service denial of service
8571| [84396] Dovecot IMAP APPEND denial of service
8572| [80453] Dovecot mail-search.c denial of service
8573| [71354] Dovecot SSL Common Name (CN) weak security
8574| [67675] Dovecot script-login security bypass
8575| [67674] Dovecot script-login directory traversal
8576| [67589] Dovecot header name denial of service
8577| [63267] Apple Mac OS X Dovecot information disclosure
8578| [62340] Dovecot mailbox security bypass
8579| [62339] Dovecot IMAP or POP3 denial of service
8580| [62256] Dovecot mailbox security bypass
8581| [62255] Dovecot ACL entry security bypass
8582| [60639] Dovecot ACL plugin weak security
8583| [57267] Apple Mac OS X Dovecot Kerberos security bypass
8584| [56763] Dovecot header denial of service
8585| [54363] Dovecot base_dir privilege escalation
8586| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
8587| [46323] Dovecot dovecot.conf information disclosure
8588| [46227] Dovecot message parsing denial of service
8589| [45669] Dovecot ACL mailbox security bypass
8590| [45667] Dovecot ACL plugin rights security bypass
8591| [41085] Dovecot TAB characters authentication bypass
8592| [41009] Dovecot mail_extra_groups option unauthorized access
8593| [39342] Dovecot LDAP auth cache configuration security bypass
8594| [35767] Dovecot ACL plugin security bypass
8595| [34082] Dovecot mbox-storage.c directory traversal
8596| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
8597| [26578] Cyrus IMAP pop3d buffer overflow
8598| [26536] Dovecot IMAP LIST information disclosure
8599| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
8600| [24709] Dovecot APPEND command denial of service
8601| [13018] akpop3d authentication code SQL injection
8602| [7345] Slackware Linux imapd and ipop3d core dump
8603| [6269] imap, ipop2d and ipop3d buffer overflows
8604| [5923] Linuxconf vpop3d symbolic link
8605| [4918] IPOP3D, Buffer overflow attack
8606| [1560] IPOP3D, user login successful
8607| [1559] IPOP3D user login to remote host successful
8608| [1525] IPOP3D, user logout
8609| [1524] IPOP3D, user auto-logout
8610| [1523] IPOP3D, user login failure
8611| [1522] IPOP3D, brute force attack
8612| [1521] IPOP3D, user kiss of death logout
8613| [418] pop3d mktemp creates insecure temporary files
8614|
8615| Exploit-DB - https://www.exploit-db.com:
8616| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
8617| [23053] Vpop3d Remote Denial of Service Vulnerability
8618| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
8619| [11893] tPop3d 1.5.3 DoS
8620| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
8621| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
8622| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
8623| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
8624|
8625| OpenVAS (Nessus) - http://www.openvas.org:
8626| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
8627| [901025] Dovecot Version Detection
8628| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
8629| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
8630| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
8631| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
8632| [870607] RedHat Update for dovecot RHSA-2011:0600-01
8633| [870471] RedHat Update for dovecot RHSA-2011:1187-01
8634| [870153] RedHat Update for dovecot RHSA-2008:0297-02
8635| [863272] Fedora Update for dovecot FEDORA-2011-7612
8636| [863115] Fedora Update for dovecot FEDORA-2011-7258
8637| [861525] Fedora Update for dovecot FEDORA-2007-664
8638| [861394] Fedora Update for dovecot FEDORA-2007-493
8639| [861333] Fedora Update for dovecot FEDORA-2007-1485
8640| [860845] Fedora Update for dovecot FEDORA-2008-9202
8641| [860663] Fedora Update for dovecot FEDORA-2008-2475
8642| [860169] Fedora Update for dovecot FEDORA-2008-2464
8643| [860089] Fedora Update for dovecot FEDORA-2008-9232
8644| [840950] Ubuntu Update for dovecot USN-1295-1
8645| [840668] Ubuntu Update for dovecot USN-1143-1
8646| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
8647| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
8648| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
8649| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
8650| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
8651| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
8652| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
8653| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
8654| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
8655| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
8656| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
8657| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
8658| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
8659| [70259] FreeBSD Ports: dovecot
8660| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
8661| [66522] FreeBSD Ports: dovecot
8662| [65010] Ubuntu USN-838-1 (dovecot)
8663| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
8664| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
8665| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
8666| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
8667| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
8668| [62854] FreeBSD Ports: dovecot-managesieve
8669| [61916] FreeBSD Ports: dovecot
8670| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
8671| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
8672| [60528] FreeBSD Ports: dovecot
8673| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
8674| [60089] FreeBSD Ports: dovecot
8675| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
8676| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
8677|
8678| SecurityTracker - https://www.securitytracker.com:
8679| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
8680| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
8681| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
8682|
8683| OSVDB - http://www.osvdb.org:
8684| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
8685| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
8686| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
8687| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
8688| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
8689| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
8690| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
8691| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
8692| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
8693| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
8694| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
8695| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
8696| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
8697| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
8698| [66113] Dovecot Mail Root Directory Creation Permission Weakness
8699| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
8700| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
8701| [66110] Dovecot Multiple Unspecified Buffer Overflows
8702| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
8703| [64783] Dovecot E-mail Message Header Unspecified DoS
8704| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
8705| [62796] Dovecot mbox Format Email Header Handling DoS
8706| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
8707| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
8708| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
8709| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
8710| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
8711| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
8712| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
8713| [43137] Dovecot mail_extra_groups Symlink File Manipulation
8714| [42979] Dovecot passdbs Argument Injection Authentication Bypass
8715| [39876] Dovecot LDAP Auth Cache Security Bypass
8716| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
8717| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
8718| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
8719| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
8720| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
8721| [23281] Dovecot imap/pop3-login dovecot-auth DoS
8722| [23280] Dovecot Malformed APPEND Command DoS
8723| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
8724| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
8725| [5857] Linux pop3d Arbitrary Mail File Access
8726| [2471] akpop3d username SQL Injection
8727|_
8728 143/tcp open imap Dovecot imapd
8729| vulscan: VulDB - https://vuldb.com:
8730| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
8731| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
8732| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
8733| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
8734| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
8735| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
8736| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
8737| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
8738| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
8739| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
8740| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
8741| [69835] Dovecot 2.2.0/2.2.1 denial of service
8742| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
8743| [65684] Dovecot up to 2.2.6 unknown vulnerability
8744| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
8745| [63692] Dovecot up to 2.0.15 spoofing
8746| [7062] Dovecot 2.1.10 mail-search.c denial of service
8747| [59792] Cyrus IMAPd 2.4.11 weak authentication
8748| [57517] Dovecot up to 2.0.12 Login directory traversal
8749| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
8750| [57515] Dovecot up to 2.0.12 Crash denial of service
8751| [54944] Dovecot up to 1.2.14 denial of service
8752| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
8753| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
8754| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
8755| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
8756| [53277] Dovecot up to 1.2.10 denial of service
8757| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
8758| [45256] Dovecot up to 1.1.5 directory traversal
8759| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
8760| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8761| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8762| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
8763| [40356] Dovecot 1.0.9 Cache unknown vulnerability
8764| [38222] Dovecot 1.0.2 directory traversal
8765| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
8766| [36376] Dovecot up to 1.0.x directory traversal
8767| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
8768| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
8769|
8770| MITRE CVE - https://cve.mitre.org:
8771| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
8772| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
8773| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
8774| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
8775| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
8776| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
8777| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
8778| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
8779| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
8780| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
8781| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8782| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8783| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
8784| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
8785| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
8786| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
8787| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
8788| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
8789| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
8790| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
8791| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
8792| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
8793| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
8794| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
8795| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
8796| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
8797| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
8798| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
8799| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
8800| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
8801| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
8802| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
8803| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
8804| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
8805| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
8806| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
8807| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
8808| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
8809| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
8810| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
8811| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
8812| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
8813| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
8814| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
8815| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
8816| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
8817| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
8818| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
8819| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
8820| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
8821| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
8822| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
8823| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
8824| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
8825| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
8826| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
8827| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
8828| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
8829| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
8830|
8831| SecurityFocus - https://www.securityfocus.com/bid/:
8832| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
8833| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
8834| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
8835| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
8836| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
8837| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
8838| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
8839| [67306] Dovecot Denial of Service Vulnerability
8840| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
8841| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
8842| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
8843| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
8844| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
8845| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
8846| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
8847| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
8848| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
8849| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
8850| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
8851| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
8852| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
8853| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
8854| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
8855| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
8856| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
8857| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
8858| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
8859| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
8860| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
8861| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
8862| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
8863| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
8864| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
8865| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
8866| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
8867| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
8868| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
8869| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
8870| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
8871| [17961] Dovecot Remote Information Disclosure Vulnerability
8872| [16672] Dovecot Double Free Denial of Service Vulnerability
8873| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
8874| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
8875| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
8876| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
8877| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
8878| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
8879| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
8880| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
8881| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
8882| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
8883| [130] imapd Buffer Overflow Vulnerability
8884|
8885| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8886| [86382] Dovecot POP3 Service denial of service
8887| [84396] Dovecot IMAP APPEND denial of service
8888| [80453] Dovecot mail-search.c denial of service
8889| [71354] Dovecot SSL Common Name (CN) weak security
8890| [70325] Cyrus IMAPd NNTP security bypass
8891| [67675] Dovecot script-login security bypass
8892| [67674] Dovecot script-login directory traversal
8893| [67589] Dovecot header name denial of service
8894| [63267] Apple Mac OS X Dovecot information disclosure
8895| [62340] Dovecot mailbox security bypass
8896| [62339] Dovecot IMAP or POP3 denial of service
8897| [62256] Dovecot mailbox security bypass
8898| [62255] Dovecot ACL entry security bypass
8899| [60639] Dovecot ACL plugin weak security
8900| [57267] Apple Mac OS X Dovecot Kerberos security bypass
8901| [56763] Dovecot header denial of service
8902| [54363] Dovecot base_dir privilege escalation
8903| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
8904| [47526] UW-imapd rfc822_output_char() denial of service
8905| [46323] Dovecot dovecot.conf information disclosure
8906| [46227] Dovecot message parsing denial of service
8907| [45669] Dovecot ACL mailbox security bypass
8908| [45667] Dovecot ACL plugin rights security bypass
8909| [41085] Dovecot TAB characters authentication bypass
8910| [41009] Dovecot mail_extra_groups option unauthorized access
8911| [39342] Dovecot LDAP auth cache configuration security bypass
8912| [35767] Dovecot ACL plugin security bypass
8913| [34082] Dovecot mbox-storage.c directory traversal
8914| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
8915| [26536] Dovecot IMAP LIST information disclosure
8916| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
8917| [24709] Dovecot APPEND command denial of service
8918| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
8919| [19460] Cyrus IMAP imapd buffer overflow
8920| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
8921| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
8922| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
8923| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
8924| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
8925| [7345] Slackware Linux imapd and ipop3d core dump
8926| [573] Imapd denial of service
8927|
8928| Exploit-DB - https://www.exploit-db.com:
8929| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
8930| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
8931| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
8932| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
8933| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
8934| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
8935| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
8936| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
8937| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
8938| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
8939| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
8940| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
8941| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
8942| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
8943| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
8944| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
8945| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
8946| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
8947| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
8948| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
8949| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
8950| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
8951| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
8952| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
8953| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
8954| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
8955| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
8956| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
8957| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
8958| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
8959| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
8960| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
8961| [340] Linux imapd Remote Overflow File Retrieve Exploit
8962|
8963| OpenVAS (Nessus) - http://www.openvas.org:
8964| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
8965| [901025] Dovecot Version Detection
8966| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
8967| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
8968| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
8969| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
8970| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
8971| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
8972| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
8973| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
8974| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
8975| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
8976| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
8977| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
8978| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
8979| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
8980| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
8981| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
8982| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
8983| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
8984| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
8985| [870607] RedHat Update for dovecot RHSA-2011:0600-01
8986| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
8987| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
8988| [870471] RedHat Update for dovecot RHSA-2011:1187-01
8989| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
8990| [870153] RedHat Update for dovecot RHSA-2008:0297-02
8991| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
8992| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
8993| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
8994| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
8995| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
8996| [863272] Fedora Update for dovecot FEDORA-2011-7612
8997| [863115] Fedora Update for dovecot FEDORA-2011-7258
8998| [861525] Fedora Update for dovecot FEDORA-2007-664
8999| [861394] Fedora Update for dovecot FEDORA-2007-493
9000| [861333] Fedora Update for dovecot FEDORA-2007-1485
9001| [860845] Fedora Update for dovecot FEDORA-2008-9202
9002| [860663] Fedora Update for dovecot FEDORA-2008-2475
9003| [860169] Fedora Update for dovecot FEDORA-2008-2464
9004| [860089] Fedora Update for dovecot FEDORA-2008-9232
9005| [840950] Ubuntu Update for dovecot USN-1295-1
9006| [840668] Ubuntu Update for dovecot USN-1143-1
9007| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
9008| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
9009| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
9010| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
9011| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
9012| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
9013| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
9014| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
9015| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
9016| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
9017| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
9018| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
9019| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
9020| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
9021| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
9022| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
9023| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
9024| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
9025| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
9026| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
9027| [70259] FreeBSD Ports: dovecot
9028| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
9029| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
9030| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
9031| [66522] FreeBSD Ports: dovecot
9032| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
9033| [66233] SLES10: Security update for Cyrus IMAPD
9034| [66226] SLES11: Security update for Cyrus IMAPD
9035| [66222] SLES9: Security update for Cyrus IMAPD
9036| [65938] SLES10: Security update for Cyrus IMAPD
9037| [65723] SLES11: Security update for Cyrus IMAPD
9038| [65523] SLES9: Security update for Cyrus IMAPD
9039| [65479] SLES9: Security update for cyrus-imapd
9040| [65094] SLES9: Security update for cyrus-imapd
9041| [65010] Ubuntu USN-838-1 (dovecot)
9042| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
9043| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
9044| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
9045| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
9046| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
9047| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
9048| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
9049| [64898] FreeBSD Ports: cyrus-imapd
9050| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
9051| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
9052| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
9053| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
9054| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
9055| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
9056| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
9057| [62854] FreeBSD Ports: dovecot-managesieve
9058| [61916] FreeBSD Ports: dovecot
9059| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
9060| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
9061| [60528] FreeBSD Ports: dovecot
9062| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
9063| [60089] FreeBSD Ports: dovecot
9064| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
9065| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
9066| [55807] Slackware Advisory SSA:2005-310-06 imapd
9067| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
9068| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
9069| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
9070| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
9071| [52297] FreeBSD Ports: cyrus-imapd
9072| [52296] FreeBSD Ports: cyrus-imapd
9073| [52295] FreeBSD Ports: cyrus-imapd
9074| [52294] FreeBSD Ports: cyrus-imapd
9075| [52172] FreeBSD Ports: cyrus-imapd
9076|
9077| SecurityTracker - https://www.securitytracker.com:
9078| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
9079| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
9080| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
9081| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
9082|
9083| OSVDB - http://www.osvdb.org:
9084| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
9085| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
9086| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9087| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
9088| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
9089| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
9090| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
9091| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
9092| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
9093| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
9094| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
9095| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
9096| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
9097| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
9098| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
9099| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
9100| [66113] Dovecot Mail Root Directory Creation Permission Weakness
9101| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
9102| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
9103| [66110] Dovecot Multiple Unspecified Buffer Overflows
9104| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
9105| [64783] Dovecot E-mail Message Header Unspecified DoS
9106| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
9107| [62796] Dovecot mbox Format Email Header Handling DoS
9108| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
9109| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
9110| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
9111| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
9112| [52906] UW-imapd c-client Initial Request Remote Format String
9113| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
9114| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
9115| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
9116| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
9117| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
9118| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
9119| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
9120| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
9121| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
9122| [43137] Dovecot mail_extra_groups Symlink File Manipulation
9123| [42979] Dovecot passdbs Argument Injection Authentication Bypass
9124| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
9125| [39876] Dovecot LDAP Auth Cache Security Bypass
9126| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
9127| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
9128| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
9129| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
9130| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
9131| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
9132| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
9133| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
9134| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
9135| [23281] Dovecot imap/pop3-login dovecot-auth DoS
9136| [23280] Dovecot Malformed APPEND Command DoS
9137| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
9138| [13242] UW-imapd CRAM-MD5 Authentication Bypass
9139| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
9140| [12042] UoW imapd Multiple Unspecified Overflows
9141| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
9142| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
9143| [911] UoW imapd AUTHENTICATE Command Remote Overflow
9144| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
9145| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
9146|_
443/tcp open ssl/http Apache httpd
9148|_http-server-header: Apache
9149| vulscan: VulDB - https://vuldb.com:
9150| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
9151| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
9152| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
9153| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
9154| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
9155| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
9156| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
9157| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
9158| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
9159| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
9160| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
9161| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
9162| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
9163| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
9164| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
9165| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
9166| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
9167| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
9168| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
9169| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
9170| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
9171| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
9172| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
9173| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
9174| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
9175| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
9176| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
9177| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
9178| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
9179| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
9180| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
9181| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
9182| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9183| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9184| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
9185| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9186| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
9187| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
9188| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
9189| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
9190| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9191| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9192| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
9193| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
9194| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
9195| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9196| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9197| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
9198| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
9199| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9200| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9201| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
9202| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
9203| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
9204| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
9205| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
9206| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
9207| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
9208| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
9209| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
9210| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
9211| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9212| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9213| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
9214| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
9215| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9216| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
9217| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
9218| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
9219| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
9220| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
9221| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
9222| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
9223| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
9224| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
9225| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
9226| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
9227| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
9228| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
9229| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
9230| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
9231| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
9232| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
9233| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
9234| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
9235| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
9236| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
9237| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
9238| [136370] Apache Fineract up to 1.2.x sql injection
9239| [136369] Apache Fineract up to 1.2.x sql injection
9240| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
9241| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
9242| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
9243| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
9244| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
9245| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
9246| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
9247| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
9248| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
9249| [134416] Apache Sanselan 0.97-incubator Loop denial of service
9250| [134415] Apache Sanselan 0.97-incubator Hang denial of service
9251| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
9252| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
9253| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9254| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9255| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
9256| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
9257| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
9258| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
9259| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
9260| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
9261| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
9262| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
9263| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
9264| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
9265| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
9266| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
9267| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
9268| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
9269| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
9270| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
9271| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
9272| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
9273| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
9274| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
9275| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
9276| [131859] Apache Hadoop up to 2.9.1 privilege escalation
9277| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
9278| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
9279| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
9280| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
9281| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
9282| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
9283| [130629] Apache Guacamole Cookie Flag weak encryption
9284| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
9285| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
9286| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
9287| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
9288| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
9289| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
9290| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
9291| [130123] Apache Airflow up to 1.8.2 information disclosure
9292| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
9293| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
9294| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
9295| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
9296| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9297| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9298| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9299| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
9300| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
9301| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
9302| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
9303| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
9304| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9305| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
9306| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
9307| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
9308| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
9309| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
9310| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9311| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
9312| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9313| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
9314| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
9315| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
9316| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
9317| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
9318| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
9319| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
9320| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
9321| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
9322| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
9323| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
9324| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
9325| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
9326| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
9327| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
9328| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
9329| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
9330| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
9331| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
9332| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
9333| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
9334| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
9335| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
9336| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
9337| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
9338| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
9339| [127007] Apache Spark Request Code Execution
9340| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
9341| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
9342| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
9343| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
9344| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
9345| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
9346| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
9347| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
9348| [126346] Apache Tomcat Path privilege escalation
9349| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
9350| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
9351| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
9352| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
9353| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
9354| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
9355| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
9356| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
9357| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
9358| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
9359| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
9360| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9361| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
9362| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
9363| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
9364| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
9365| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
9366| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
9367| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
9368| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
9369| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
9370| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
9371| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
9372| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
9373| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
9374| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
9375| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
9376| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
9377| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
9378| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
9379| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
9380| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
9381| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
9382| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
9383| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
9384| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
9385| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
9386| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
9387| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
9388| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
9389| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
9390| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
9391| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
9392| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
9393| [123197] Apache Sentry up to 2.0.0 privilege escalation
9394| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
9395| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
9396| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
9397| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
9398| [122800] Apache Spark 1.3.0 REST API weak authentication
9399| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
9400| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
9401| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
9402| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
9403| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
9404| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
9405| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
9406| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
9407| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
9408| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
9409| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
9410| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
9411| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
9412| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
9413| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
9414| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
9415| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
9416| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
9417| [121354] Apache CouchDB HTTP API Code Execution
9418| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
9419| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
9420| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
9421| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
9422| [120168] Apache CXF weak authentication
9423| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
9424| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
9425| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
9426| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
9427| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
9428| [119306] Apache MXNet Network Interface privilege escalation
9429| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
9430| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
9431| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
9432| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
9433| [118143] Apache NiFi activemq-client Library Deserialization denial of service
9434| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
9435| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
9436| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
9437| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
9438| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
9439| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
9440| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
9441| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
9442| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
9443| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
9444| [117115] Apache Tika up to 1.17 tika-server command injection
9445| [116929] Apache Fineract getReportType Parameter privilege escalation
9446| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
9447| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
9448| [116926] Apache Fineract REST Parameter privilege escalation
9449| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
9450| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
9451| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
9452| [115883] Apache Hive up to 2.3.2 privilege escalation
9453| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
9454| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
9455| [115518] Apache Ignite 2.3 Deserialization privilege escalation
9456| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
9457| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
9458| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
9459| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
9460| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
9461| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
9462| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
9463| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
9464| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
9465| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
9466| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
9467| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
9468| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
9469| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
9470| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
9471| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
9472| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
9473| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
9474| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
9475| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
9476| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
9477| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
9478| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
9479| [113895] Apache Geode up to 1.3.x Code Execution
9480| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
9481| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
9482| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
9483| [113747] Apache Tomcat Servlets privilege escalation
9484| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
9485| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
9486| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
9487| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
9488| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
9489| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
9490| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
9491| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
9492| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
9493| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
9494| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
9495| [112885] Apache Allura up to 1.8.0 File information disclosure
9496| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
9497| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
9498| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
9499| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
9500| [112625] Apache POI up to 3.16 Loop denial of service
9501| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
9502| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
9503| [112339] Apache NiFi 1.5.0 Header privilege escalation
9504| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
9505| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
9506| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
9507| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
9508| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
9509| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
9510| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
9511| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
9512| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
9513| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
9514| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
9515| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
9516| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
9517| [112114] Oracle 9.1 Apache Log4j privilege escalation
9518| [112113] Oracle 9.1 Apache Log4j privilege escalation
9519| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
9520| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
9521| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
9522| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
9523| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
9524| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
9525| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
9526| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
9527| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
9528| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
9529| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
9530| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
9531| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
9532| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
9533| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
9534| [110701] Apache Fineract Query Parameter sql injection
9535| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
9536| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
9537| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
9538| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
9539| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
9540| [110106] Apache CXF Fediz Spring cross site request forgery
9541| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
9542| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
9543| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
9544| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
9545| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
9546| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
9547| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
9548| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
9549| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
9550| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
9551| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
9552| [108938] Apple macOS up to 10.13.1 apache denial of service
9553| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
9554| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
9555| [108935] Apple macOS up to 10.13.1 apache denial of service
9556| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
9557| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
9558| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
9559| [108931] Apple macOS up to 10.13.1 apache denial of service
9560| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
9561| [108929] Apple macOS up to 10.13.1 apache denial of service
9562| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
9563| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
9564| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
9565| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
9566| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
9567| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
9568| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
9569| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
9570| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
9571| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
9572| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
9573| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
9574| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
9575| [108782] Apache Xerces2 XML Service denial of service
9576| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
9577| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
9578| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
9579| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
9580| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
9581| [108629] Apache OFBiz up to 10.04.01 privilege escalation
9582| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
9583| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
9584| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
9585| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
9586| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
9587| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
9588| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
9589| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
9590| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
9591| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
9592| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
9593| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
9594| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
9595| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
9596| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
9597| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
9598| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
9599| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9600| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
9601| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
9602| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
9603| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
9604| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
9605| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
9606| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
9607| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
9608| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
9609| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
9610| [107639] Apache NiFi 1.4.0 XML External Entity
9611| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
9612| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
9613| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
9614| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
9615| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
9616| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
9617| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
9618| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
9619| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
9620| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
9621| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
9622| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
9623| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
9624| [107197] Apache Xerces Jelly Parser XML File XML External Entity
9625| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
9626| [107084] Apache Struts up to 2.3.19 cross site scripting
9627| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
9628| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
9629| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
9630| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
9631| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
9632| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
9633| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
9634| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
9635| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
9636| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
9637| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
9638| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
9639| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
9640| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
9641| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
9642| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
9643| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
9644| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
9645| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
9646| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
9647| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
9648| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
9649| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
9650| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
9651| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
9652| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
9653| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
9654| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
9655| [105878] Apache Struts up to 2.3.24.0 privilege escalation
9656| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
9657| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
9658| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
9659| [105643] Apache Pony Mail up to 0.8b weak authentication
9660| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
9661| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
9662| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
9663| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
9664| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
9665| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
9666| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
9667| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
9668| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
9669| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
9670| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
9671| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
9672| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
9673| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
9674| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
9675| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
9676| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
9677| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
10103| [69846] Apache HBase up to 0.94.8 information disclosure
10104| [69783] Apache CouchDB up to 1.2.0 memory corruption
10105| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
10106| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
10107| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
10108| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
10109| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
10110| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
10111| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
10112| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
10113| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
10114| [69431] Apache Archiva up to 1.3.6 cross site scripting
10115| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
10116| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
10117| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
10118| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
10119| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
10120| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
10121| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
10122| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
10123| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
10124| [66739] Apache Camel up to 2.12.2 unknown vulnerability
10125| [66738] Apache Camel up to 2.12.2 unknown vulnerability
10126| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
10127| [66695] Apache CouchDB up to 1.2.0 cross site scripting
10128| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
10129| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
10130| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
10131| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
10132| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
10133| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
10134| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
10135| [66356] Apache Wicket up to 6.8.0 information disclosure
10136| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
10137| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
10138| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
10139| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
10140| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
10141| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
10142| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
10143| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
10144| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
10145| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
10146| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
10147| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
10148| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
10149| [65668] Apache Solr 4.0.0 Updater denial of service
10150| [65665] Apache Solr up to 4.3.0 denial of service
10151| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
10152| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
10153| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
10154| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
10155| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
10156| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
10157| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
10158| [65410] Apache Struts 2.3.15.3 cross site scripting
10159| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
10160| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
10161| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
10162| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
10163| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
10164| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
10165| [65340] Apache Shindig 2.5.0 information disclosure
10166| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
10167| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
10168| [10826] Apache Struts 2 File privilege escalation
10169| [65204] Apache Camel up to 2.10.1 unknown vulnerability
10170| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
10171| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
10172| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
10173| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
10174| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
10175| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
10176| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
10177| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
10178| [64722] Apache XML Security for C++ Heap-based memory corruption
10179| [64719] Apache XML Security for C++ Heap-based memory corruption
10180| [64718] Apache XML Security for C++ verify denial of service
10181| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
10182| [64716] Apache XML Security for C++ spoofing
10183| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
10184| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
10185| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
10186| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
10187| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
10188| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
10189| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
10190| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
10191| [64485] Apache Struts up to 2.2.3.0 privilege escalation
10192| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
10193| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
10194| [64467] Apache Geronimo 3.0 memory corruption
10195| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
10196| [64457] Apache Struts up to 2.2.3.0 cross site scripting
10197| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
10198| [9184] Apache Qpid up to 0.20 SSL misconfiguration
10199| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
10200| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
10201| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
10202| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
10203| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
10204| [8873] Apache Struts 2.3.14 privilege escalation
10205| [8872] Apache Struts 2.3.14 privilege escalation
10206| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
10207| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
10208| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
10209| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
10210| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
10211| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
10212| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
10213| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
10214| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
10215| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
10216| [64006] Apache ActiveMQ up to 5.7.0 denial of service
10217| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
10218| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
10219| [8427] Apache Tomcat Session Transaction weak authentication
10220| [63960] Apache Maven 3.0.4 Default Configuration spoofing
10221| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
10222| [63750] Apache qpid up to 0.20 checkAvailable denial of service
10223| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
10224| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
10225| [63747] Apache Rave up to 0.20 User Account information disclosure
10226| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
10227| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
10228| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
10229| [7687] Apache CXF up to 2.7.2 Token weak authentication
10230| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10231| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10232| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
10233| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
10234| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
10235| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
10236| [63090] Apache Tomcat up to 4.1.24 denial of service
10237| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
10238| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
10239| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
10240| [62833] Apache CXF -/2.6.0 spoofing
10241| [62832] Apache Axis2 up to 1.6.2 spoofing
10242| [62831] Apache Axis up to 1.4 Java Message Service spoofing
10243| [62830] Apache Commons-httpclient 3.0 Payments spoofing
10244| [62826] Apache Libcloud up to 0.11.0 spoofing
10245| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
10246| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
10247| [62661] Apache Axis2 unknown vulnerability
10248| [62658] Apache Axis2 unknown vulnerability
10249| [62467] Apache Qpid up to 0.17 denial of service
10250| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
10251| [6301] Apache HTTP Server mod_pagespeed cross site scripting
10252| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
10253| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
10254| [62035] Apache Struts up to 2.3.4 denial of service
10255| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
10256| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
10257| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
10258| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
10259| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
10260| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
10261| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
10262| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
10263| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
10264| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
10265| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
10266| [61229] Apache Sling up to 2.1.1 denial of service
10267| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
10268| [61094] Apache Roller up to 5.0 cross site scripting
10269| [61093] Apache Roller up to 5.0 cross site request forgery
10270| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
10271| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
10272| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
10273| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
10274| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
10275| [60708] Apache Qpid 0.12 unknown vulnerability
10276| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
10277| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
10278| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
10279| [4882] Apache Wicket up to 1.5.4 directory traversal
10280| [4881] Apache Wicket up to 1.4.19 cross site scripting
10281| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
10282| [60352] Apache Struts up to 2.2.3 memory corruption
10283| [60153] Apache Portable Runtime up to 1.4.3 denial of service
10284| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
10285| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
10286| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
10287| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
10288| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
10289| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
10290| [4571] Apache Struts up to 2.3.1.2 privilege escalation
10291| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
10292| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
10293| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
10294| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
10295| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
10296| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
10297| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
10298| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
10299| [59888] Apache Tomcat up to 6.0.6 denial of service
10300| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
10301| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
10302| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
10303| [59850] Apache Geronimo up to 2.2.1 denial of service
10304| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
10305| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
10306| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
10307| [58413] Apache Tomcat up to 6.0.10 spoofing
10308| [58381] Apache Wicket up to 1.4.17 cross site scripting
10309| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
10310| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
10311| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
10312| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
10313| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10314| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
10315| [57568] Apache Archiva up to 1.3.4 cross site scripting
10316| [57567] Apache Archiva up to 1.3.4 cross site request forgery
10317| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
10318| [4355] Apache HTTP Server APR apr_fnmatch denial of service
10319| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
10320| [57425] Apache Struts up to 2.2.1.1 cross site scripting
10321| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
10322| [57025] Apache Tomcat up to 7.0.11 information disclosure
10323| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
10324| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
10325| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10326| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
10327| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
10328| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
10329| [56512] Apache Continuum up to 1.4.0 cross site scripting
10330| [4285] Apache Tomcat 5.x JVM getLocale denial of service
10331| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
10332| [4283] Apache Tomcat 5.x ServletContect privilege escalation
10333| [56441] Apache Tomcat up to 7.0.6 denial of service
10334| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
10335| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
10336| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
10337| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
10338| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
10339| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
10340| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
10341| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
10342| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
10343| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
10344| [54693] Apache Traffic Server DNS Cache unknown vulnerability
10345| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
10346| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
10347| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
10348| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
10349| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
10350| [54012] Apache Tomcat up to 6.0.10 denial of service
10351| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
10352| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
10353| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
10354| [52894] Apache Tomcat up to 6.0.7 information disclosure
10355| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
10356| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
10357| [52786] Apache Open For Business Project up to 09.04 cross site scripting
10358| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
10359| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
10360| [52584] Apache CouchDB up to 0.10.1 information disclosure
10361| [51757] Apache HTTP Server 2.0.44 cross site scripting
10362| [51756] Apache HTTP Server 2.0.44 spoofing
10363| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
10364| [51690] Apache Tomcat up to 6.0 directory traversal
10365| [51689] Apache Tomcat up to 6.0 information disclosure
10366| [51688] Apache Tomcat up to 6.0 directory traversal
10367| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
10368| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
10369| [50626] Apache Solr 1.0.0 cross site scripting
10370| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
10371| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
10372| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
10373| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
10374| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
10375| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
10376| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
10377| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
10378| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
10379| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
10380| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
10381| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
10382| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
10383| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
10384| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
10385| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
10386| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
10387| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
10388| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
10389| [47214] Apachefriends xampp 1.6.8 spoofing
10390| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
10391| [47162] Apachefriends XAMPP 1.4.4 weak authentication
10392| [47065] Apache Tomcat 4.1.23 cross site scripting
10393| [46834] Apache Tomcat up to 5.5.20 cross site scripting
10394| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
10395| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
10396| [86625] Apache Struts directory traversal
10397| [44461] Apache Tomcat up to 5.5.0 information disclosure
10398| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
10399| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
10400| [43663] Apache Tomcat up to 6.0.16 directory traversal
10401| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
10402| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
10403| [43516] Apache Tomcat up to 4.1.20 directory traversal
10404| [43509] Apache Tomcat up to 6.0.13 cross site scripting
10405| [42637] Apache Tomcat up to 6.0.16 cross site scripting
10406| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
10407| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
10408| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
10409| [40924] Apache Tomcat up to 6.0.15 information disclosure
10410| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
10411| [40922] Apache Tomcat up to 6.0 information disclosure
10412| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
10413| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
10414| [40656] Apache Tomcat 5.5.20 information disclosure
10415| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
10416| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
10417| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
10418| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
10419| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
10420| [40234] Apache Tomcat up to 6.0.15 directory traversal
10421| [40221] Apache HTTP Server 2.2.6 information disclosure
10422| [40027] David Castro Apache Authcas 0.4 sql injection
10423| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
10424| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
10425| [3414] Apache Tomcat WebDAV Stored privilege escalation
10426| [39489] Apache Jakarta Slide up to 2.1 directory traversal
10427| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
10428| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
10429| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
10430| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
10431| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
10432| [38524] Apache Geronimo 2.0 unknown vulnerability
10433| [3256] Apache Tomcat up to 6.0.13 cross site scripting
10434| [38331] Apache Tomcat 4.1.24 information disclosure
10435| [38330] Apache Tomcat 4.1.24 information disclosure
10436| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
10437| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
10438| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
10439| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
10440| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
10441| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
10442| [37292] Apache Tomcat up to 5.5.1 cross site scripting
10443| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
10444| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
10445| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
10446| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
10447| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
10448| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
10449| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
10450| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
10451| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
10452| [36225] XAMPP Apache Distribution 1.6.0a sql injection
10453| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
10454| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
10455| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
10456| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
10457| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
10458| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
10459| [34252] Apache HTTP Server denial of service
10460| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
10461| [33877] Apache Opentaps 0.9.3 cross site scripting
10462| [33876] Apache Open For Business Project unknown vulnerability
10463| [33875] Apache Open For Business Project cross site scripting
10464| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
10465| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
10466|
10467| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
10586| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
10587| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
10588| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
10589| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
10590| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
10591| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
10592| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
10593| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
10594| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
10595| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
10596| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
10597| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
10598| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
10599| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
10600| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
10601| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
10602| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
10603| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
10604| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
10605| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
10606| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
10607| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
10608| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
10609| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
10610| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
10611| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
10612| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
10613| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
10614| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
10615| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
10616| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
10617| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
10618| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
10619| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
10620| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
10621| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
10622| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
10623| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
10624| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
10625| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
10626| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
10627| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
10628| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
10629| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
10630| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
10631| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10632| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
10633| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
10634| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
10635| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
10636| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
10637| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
10638| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
10639| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
10640| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
10641| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
10642| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
10643| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
10644| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
10645| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
10646| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
10647| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10648| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
10649| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
10650| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
10651| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
10652| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
10653| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
10654| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
10655| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
10656| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
10657| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
10658| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
10659| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
10660| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
10661| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
10662| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
10663| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
10664| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
10665| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
10666| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
10667| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
10770| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
10771| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
10772| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
10773| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10774| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
10775| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
10776| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
10777| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
10778| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
10779| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
10780| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
10781| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
10782| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
10783| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
10784| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
10785| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
10786| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
10787| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10788| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
10789| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
10790| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
10791| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
10792| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
10793| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
10794| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
10795| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
10796| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
10797| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
10798| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
10799| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
10800| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
10801| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
10802| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
10803| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
10804| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
10805| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
10806| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
10807| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
10808| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
10809| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
10810| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
10811| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
10812| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
10813| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
10814| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
10815| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10816| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10817| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
10818| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
10819| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
10820| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10821| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
10822| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
10823| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
10824| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
10825| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
10826| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
10827| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
10828| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
10829| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
10830| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
10831| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
10832| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
10833| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
10834| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10835| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10836| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
10837| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
10838| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
10839| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
10840| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
10841| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
10842| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
10843| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10844| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
10845| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10846| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
10847| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
10848| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
10849| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10850| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
10851| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10852| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
10853| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
10854| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10855| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
10856| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
10857| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
10858| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
10859| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
10860| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
10861| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
10862| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
10863| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10864| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
10865| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
10866| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
10867| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
10868| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
10869| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
10870| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
10871| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
10872| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
10873| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
10874| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
10875| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
10876| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
10877| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
10878| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
10879| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
10880| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
10881| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
10882| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
10883| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
10884| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
10885| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10886| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10887| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
10888| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
10889| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
10890| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
10891| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
10892| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
10893| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
10894| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
10895| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
10896| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
10897| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
10898| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
10899| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
10900| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
10901| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
10902| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
10903| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
10904| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
10905| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
10906| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
10907| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
10908| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
10909| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
10910| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10911| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10912| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10913| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
10914| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
10915| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
10916| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
10917| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
10918| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
10919| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
10920| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
10921| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
10922| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
10923| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
10924| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
10925| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
10926| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
10927| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
10928| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10929| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10930| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
10931| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
10932| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
10933| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
10934| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
10935| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
10936| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
10937| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
10938| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
10939| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
10940| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
10941| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
10942| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
10943| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
10944| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
10945| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
10946| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
10947| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
10948| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
10949| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
10950| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
10951| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
10952| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
10953| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
10954| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
10955| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10956| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10957| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
10958| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
10959| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
10960| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
10961| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
10962| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
10963| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
10964| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
10965| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
10966| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
10967| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
10968| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
10969| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
10970| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
10971| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
10972| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
10973| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
10974| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
10975| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
10976| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
10977| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
10978| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
10979| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
10980| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
10981| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
10982| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
10983| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
10984| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
10985| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
10986| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
10987| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
10988| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
10989| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
10990| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
10991| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
10992| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
10993| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
10994| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
10995| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
10996| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
10997| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
10998| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
10999| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
11000| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
11001| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
11002| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
11003| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
11004| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
11005| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
11006| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
11007| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
11008| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
11009| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
11010| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
11011| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
11012| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
11013| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
11014| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
11015| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
11016| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
11017| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
11018| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
11019| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
11020| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
11021| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
11022| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
11023| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
11024| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
11025| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
11026| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
11027| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
11028| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
11029| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
11030| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
11031| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
11032| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
11033| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
11034| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
11035| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
11036| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
11037| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
11038| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
11039| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
11040| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
11041| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
11042| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
11043| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
11044| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
11045| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
11046| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
11047| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
11048| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
11049| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
11050| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
11051| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
11052| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
11053| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
11054| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
11055| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
11056| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
11057| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
11058| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
11059| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
11060| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
11061| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
11062| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
11063| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
11064| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
11065| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
11066| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
11067| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
11068| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
11069| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
11070| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
11071| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
11072| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
11073| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
11074| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
11075| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
11076| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
11077|
11078| SecurityFocus - https://www.securityfocus.com/bid/:
11079| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
11080| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
11081| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
11082| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
11083| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
11084| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
11085| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
11086| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
11087| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
11088| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
11089| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
11090| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
11091| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
11092| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
11093| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
11094| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
11095| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
11096| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
11097| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
11098| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
11533| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
11534| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
11535| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
11536| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
11537| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
11538| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
11539| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
11540| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
11541| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
11542| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
11543| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
11544| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
11545| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
11546| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
11547| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
11548| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
11549| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
11550| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
11551| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
11552| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
11553| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
11554| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
11555| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
11556| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
11557| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
11558| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
11559| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
11560| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
11561| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
11562| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
11563| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
11564| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
11565| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
11566| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
11567| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
11568| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
11569| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
11570| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
11571| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
11572| [64780] Apache CloudStack Unauthorized Access Vulnerability
11573| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
11574| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
11575| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
11576| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
11577| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
11578| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
11579| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
11580| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
11581| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
11582| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
11583| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
11584| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11585| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
11586| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
11587| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
11588| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
11589| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
11590| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
11591| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
11592| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
11593| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
11594| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
11595| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
11596| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
11597| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
11598| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
11599| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
11600| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
11601| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
11602| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
11603| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
11604| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
11605| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
11606| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
11607| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
11608| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
11609| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
11610| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
11611| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
11612| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
11613| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
11614| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
11615| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
11616| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
11617| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
11618| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
11619| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
11620| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
11621| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
11622| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
11623| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
11624| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
11625| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
11626| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
11627| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
11628| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
11629| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
11630| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
11631| [59670] Apache VCL Multiple Input Validation Vulnerabilities
11632| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
11633| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
11634| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
11635| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
11636| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
11637| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
11638| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
11639| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
11640| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
11641| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
11642| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
11643| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
11644| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
11645| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
11646| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
11647| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
11648| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
11649| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
11650| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
11651| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
11652| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
11653| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
11654| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
11655| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
11656| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
11657| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
11658| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
11659| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
11660| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
11661| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
11662| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
11663| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
11664| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
11665| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
11666| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
11667| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
11668| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
11669| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
11670| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
11671| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
11672| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
11673| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
11674| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
11675| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
11676| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
11677| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
11678| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
11679| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
11680| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
11681| [54798] Apache Libcloud Man In The Middle Vulnerability
11682| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
11683| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
11684| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
11685| [54189] Apache Roller Cross Site Request Forgery Vulnerability
11686| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
11687| [53880] Apache CXF Child Policies Security Bypass Vulnerability
11688| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
11689| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
11690| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
11691| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
11692| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
11693| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
11694| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
11695| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11696| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
11697| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
11698| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
11699| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
11700| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
11701| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
11702| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
11703| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
11704| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
11705| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
11706| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
11707| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
11708| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11709| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11710| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
11711| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
11712| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
11713| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
11714| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
11715| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
11716| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
11717| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11718| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
11719| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
11720| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
11721| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
11722| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11723| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11724| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
11725| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
11726| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11727| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
11728| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
11729| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
11730| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
11731| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
11732| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
11733| [49290] Apache Wicket Cross Site Scripting Vulnerability
11734| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
11735| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
11736| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
11737| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
11738| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
11739| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
11740| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
11741| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11742| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
11743| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
11744| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
11745| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
11746| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
11747| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
11748| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
11749| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
11750| [46953] Apache MPM-ITK Module Security Weakness
11751| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
11752| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
11753| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
11754| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
11755| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
11756| [46166] Apache Tomcat JVM Denial of Service Vulnerability
11757| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
11758| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11759| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
11760| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
11761| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
11762| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
11763| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
11764| [44616] Apache Shiro Directory Traversal Vulnerability
11765| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
11766| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
11767| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
11768| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
11769| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
11770| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11771| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
11772| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
11773| [42492] Apache CXF XML DTD Processing Security Vulnerability
11774| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
11775| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11776| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11777| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
11778| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
11779| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11780| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
11781| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
11782| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
11783| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11784| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11785| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
11786| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
11787| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11788| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
11789| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
11790| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
11791| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
11792| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
11793| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
11794| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
11795| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
11796| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
11797| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
11798| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
11799| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
11800| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
11801| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
11802| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
11803| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
11804| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11805| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
11806| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
11807| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
11808| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
11809| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11810| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
11811| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
11812| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
11813| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
11814| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
11815| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11816| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11817| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
11818| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
11819| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
11820| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
11821| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
11822| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
11823| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11824| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
11825| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
11826| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11827| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
11828| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
11829| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
11830| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
11831| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
11832| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
11833| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
11834| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11835| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
11836| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
11837| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
11838| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
11839| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
11840| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
11841| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
11842| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
11843| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
11844| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11845| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
11846| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11847| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
11848| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
11849| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
11850| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
11851| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
11852| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11853| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
11854| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
11855| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
11856| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
11857| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
11858| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
11859| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
11860| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
11861| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
11862| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
11863| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
11864| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
11865| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
11866| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
11867| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
11868| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
11869| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
11870| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
11871| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
11872| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
11873| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
11874| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
11875| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
11876| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11877| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
11878| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
11879| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
11880| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
11881| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
11882| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
11883| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
11884| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
11885| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
11886| [20527] Apache Mod_TCL Remote Format String Vulnerability
11887| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
11888| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
11889| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
11890| [19106] Apache Tomcat Information Disclosure Vulnerability
11891| [18138] Apache James SMTP Denial Of Service Vulnerability
11892| [17342] Apache Struts Multiple Remote Vulnerabilities
11893| [17095] Apache Log4Net Denial Of Service Vulnerability
11894| [16916] Apache mod_python FileSession Code Execution Vulnerability
11895| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
11896| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
11897| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
11898| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
11899| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
11900| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
11901| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
11902| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
11903| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
11904| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
11905| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
11906| [15177] PHP Apache 2 Local Denial of Service Vulnerability
11907| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
11908| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
11909| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
11910| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
11911| [14106] Apache HTTP Request Smuggling Vulnerability
11912| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
11913| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
11914| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
11915| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
11916| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
11917| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
11918| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
11919| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
11920| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
11921| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
11922| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
11923| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
11924| [11471] Apache mod_include Local Buffer Overflow Vulnerability
11925| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
11926| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
11927| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
11928| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
11929| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11930| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
11931| [11094] Apache mod_ssl Denial Of Service Vulnerability
11932| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
11933| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
11934| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
11935| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
11936| [10478] ClueCentral Apache Suexec Patch Security Weakness
11937| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
11938| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11939| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
11940| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
11941| [9921] Apache Connection Blocking Denial Of Service Vulnerability
11942| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
11943| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
11944| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
11945| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
11946| [9733] Apache Cygwin Directory Traversal Vulnerability
11947| [9599] Apache mod_php Global Variables Information Disclosure Weakness
11948| [9590] Apache-SSL Client Certificate Forging Vulnerability
11949| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11950| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
11951| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
11952| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
11953| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
11954| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
11955| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
11956| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
11957| [8898] Red Hat Apache Directory Index Default Configuration Error
11958| [8883] Apache Cocoon Directory Traversal Vulnerability
11959| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
11960| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
11961| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
11962| [8707] Apache htpasswd Password Entropy Weakness
11963| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
11964| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
11965| [8226] Apache HTTP Server Multiple Vulnerabilities
11966| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
11967| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
11968| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
11969| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
11970| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
11971| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
11972| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
11973| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
11974| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
11975| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
11976| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
11977| [7255] Apache Web Server File Descriptor Leakage Vulnerability
11978| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11979| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
11980| [6939] Apache Web Server ETag Header Information Disclosure Weakness
11981| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
11982| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
11983| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
11984| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
11985| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
11986| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
11987| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
11988| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
11989| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
11990| [6117] Apache mod_php File Descriptor Leakage Vulnerability
11991| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
11992| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
11993| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
11994| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
11995| [5992] Apache HTDigest Insecure Temporary File Vulnerability
11996| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
11997| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
11998| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
11999| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
12000| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
12001| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
12002| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
12003| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
12004| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
12005| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
12006| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
12007| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
12008| [5485] Apache 2.0 Path Disclosure Vulnerability
12009| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
12010| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
12011| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
12012| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
12013| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
12014| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
12015| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
12016| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
12017| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
12018| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
12019| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
12020| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
12021| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
12022| [4437] Apache Error Message Cross-Site Scripting Vulnerability
12023| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
12024| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
12025| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
12026| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
12027| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
12028| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
12029| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
12030| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
12031| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
12032| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
12033| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
12034| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
12035| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
12036| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
12037| [3596] Apache Split-Logfile File Append Vulnerability
12038| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
12039| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
12040| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
12041| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
12042| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
12043| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
12044| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
12045| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
12046| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
12047| [3169] Apache Server Address Disclosure Vulnerability
12048| [3009] Apache Possible Directory Index Disclosure Vulnerability
12049| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
12050| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
12051| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
12052| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
12053| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
12054| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
12055| [2216] Apache Web Server DoS Vulnerability
12056| [2182] Apache /tmp File Race Vulnerability
12057| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
12058| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
12059| [1821] Apache mod_cookies Buffer Overflow Vulnerability
12060| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
12061| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
12062| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
12063| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
12064| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
12065| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
12066| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
12067| [1457] Apache::ASP source.asp Example Script Vulnerability
12068| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
12069| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
12070|
12071| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12072| [86258] Apache CloudStack text fields cross-site scripting
12073| [85983] Apache Subversion mod_dav_svn module denial of service
12074| [85875] Apache OFBiz UEL code execution
12075| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
12076| [85871] Apache HTTP Server mod_session_dbd unspecified
12077| [85756] Apache Struts OGNL expression command execution
12078| [85755] Apache Struts DefaultActionMapper class open redirect
12079| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
12080| [85574] Apache HTTP Server mod_dav denial of service
12081| [85573] Apache Struts Showcase App OGNL code execution
12082| [85496] Apache CXF denial of service
12083| [85423] Apache Geronimo RMI classloader code execution
12084| [85326] Apache Santuario XML Security for C++ buffer overflow
12085| [85323] Apache Santuario XML Security for Java spoofing
12086| [85319] Apache Qpid Python client SSL spoofing
12087| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
12088| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
12089| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
12090| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
12091| [84952] Apache Tomcat CVE-2012-3544 denial of service
12092| [84763] Apache Struts CVE-2013-2135 security bypass
12093| [84762] Apache Struts CVE-2013-2134 security bypass
12094| [84719] Apache Subversion CVE-2013-2088 command execution
12095| [84718] Apache Subversion CVE-2013-2112 denial of service
12096| [84717] Apache Subversion CVE-2013-1968 denial of service
12097| [84577] Apache Tomcat security bypass
12098| [84576] Apache Tomcat symlink
12099| [84543] Apache Struts CVE-2013-2115 security bypass
12100| [84542] Apache Struts CVE-2013-1966 security bypass
12101| [84154] Apache Tomcat session hijacking
12102| [84144] Apache Tomcat denial of service
12103| [84143] Apache Tomcat information disclosure
12104| [84111] Apache HTTP Server command execution
12105| [84043] Apache Virtual Computing Lab cross-site scripting
12106| [84042] Apache Virtual Computing Lab cross-site scripting
12107| [83782] Apache CloudStack information disclosure
12108| [83781] Apache CloudStack security bypass
12109| [83720] Apache ActiveMQ cross-site scripting
12110| [83719] Apache ActiveMQ denial of service
12111| [83718] Apache ActiveMQ denial of service
12112| [83263] Apache Subversion denial of service
12113| [83262] Apache Subversion denial of service
12114| [83261] Apache Subversion denial of service
12115| [83259] Apache Subversion denial of service
12116| [83035] Apache mod_ruid2 security bypass
12117| [82852] Apache Qpid federation_tag security bypass
12118| [82851] Apache Qpid qpid::framing::Buffer denial of service
12119| [82758] Apache Rave User RPC API information disclosure
12120| [82663] Apache Subversion svn_fs_file_length() denial of service
12121| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
12122| [82641] Apache Qpid AMQP denial of service
12123| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
12124| [82618] Apache Commons FileUpload symlink
12125| [82360] Apache HTTP Server manager interface cross-site scripting
12126| [82359] Apache HTTP Server hostnames cross-site scripting
12127| [82338] Apache Tomcat log/logdir information disclosure
12128| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
12129| [82268] Apache OpenJPA deserialization command execution
12130| [81981] Apache CXF UsernameTokens security bypass
12131| [81980] Apache CXF WS-Security security bypass
12132| [81398] Apache OFBiz cross-site scripting
12133| [81240] Apache CouchDB directory traversal
12134| [81226] Apache CouchDB JSONP code execution
12135| [81225] Apache CouchDB Futon user interface cross-site scripting
12136| [81211] Apache Axis2/C SSL spoofing
12137| [81167] Apache CloudStack DeployVM information disclosure
12138| [81166] Apache CloudStack AddHost API information disclosure
12139| [81165] Apache CloudStack createSSHKeyPair API information disclosure
12140| [80518] Apache Tomcat cross-site request forgery security bypass
12141| [80517] Apache Tomcat FormAuthenticator security bypass
12142| [80516] Apache Tomcat NIO denial of service
12143| [80408] Apache Tomcat replay-countermeasure security bypass
12144| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
12145| [80317] Apache Tomcat slowloris denial of service
12146| [79984] Apache Commons HttpClient SSL spoofing
12147| [79983] Apache CXF SSL spoofing
12148| [79830] Apache Axis2/Java SSL spoofing
12149| [79829] Apache Axis SSL spoofing
12150| [79809] Apache Tomcat DIGEST security bypass
12151| [79806] Apache Tomcat parseHeaders() denial of service
12152| [79540] Apache OFBiz unspecified
12153| [79487] Apache Axis2 SAML security bypass
12154| [79212] Apache Cloudstack code execution
12155| [78734] Apache CXF SOAP Action security bypass
12156| [78730] Apache Qpid broker denial of service
12157| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
12158| [78563] Apache mod_pagespeed module unspecified cross-site scripting
12159| [78562] Apache mod_pagespeed module security bypass
12160| [78454] Apache Axis2 security bypass
12161| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
12162| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
12163| [78321] Apache Wicket unspecified cross-site scripting
12164| [78183] Apache Struts parameters denial of service
12165| [78182] Apache Struts cross-site request forgery
12166| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
12167| [77987] mod_rpaf module for Apache denial of service
12168| [77958] Apache Struts skill name code execution
12169| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
12170| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
12171| [77568] Apache Qpid broker security bypass
12172| [77421] Apache Libcloud spoofing
12173| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
12174| [77046] Oracle Solaris Apache HTTP Server information disclosure
12175| [76837] Apache Hadoop information disclosure
12176| [76802] Apache Sling CopyFrom denial of service
12177| [76692] Apache Hadoop symlink
12178| [76535] Apache Roller console cross-site request forgery
12179| [76534] Apache Roller weblog cross-site scripting
12180| [76152] Apache CXF elements security bypass
12181| [76151] Apache CXF child policies security bypass
12182| [75983] MapServer for Windows Apache file include
12183| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
12184| [75558] Apache POI denial of service
12185| [75545] PHP apache_request_headers() buffer overflow
12186| [75302] Apache Qpid SASL security bypass
12187| [75211] Debian GNU/Linux apache 2 cross-site scripting
12188| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
12189| [74871] Apache OFBiz FlexibleStringExpander code execution
12190| [74870] Apache OFBiz multiple cross-site scripting
12191| [74750] Apache Hadoop unspecified spoofing
12192| [74319] Apache Struts XSLTResult.java file upload
12193| [74313] Apache Traffic Server header buffer overflow
12194| [74276] Apache Wicket directory traversal
12195| [74273] Apache Wicket unspecified cross-site scripting
12196| [74181] Apache HTTP Server mod_fcgid module denial of service
12197| [73690] Apache Struts OGNL code execution
12198| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
12199| [73100] Apache MyFaces in directory traversal
12200| [73096] Apache APR hash denial of service
12201| [73052] Apache Struts name cross-site scripting
12202| [73030] Apache CXF UsernameToken security bypass
12203| [72888] Apache Struts lastName cross-site scripting
12204| [72758] Apache HTTP Server httpOnly information disclosure
12205| [72757] Apache HTTP Server MPM denial of service
12206| [72585] Apache Struts ParameterInterceptor security bypass
12207| [72438] Apache Tomcat Digest security bypass
12208| [72437] Apache Tomcat Digest security bypass
12209| [72436] Apache Tomcat DIGEST security bypass
12210| [72425] Apache Tomcat parameter denial of service
12211| [72422] Apache Tomcat request object information disclosure
12212| [72377] Apache HTTP Server scoreboard security bypass
12213| [72345] Apache HTTP Server HTTP request denial of service
12214| [72229] Apache Struts ExceptionDelegator command execution
12215| [72089] Apache Struts ParameterInterceptor directory traversal
12216| [72088] Apache Struts CookieInterceptor command execution
12217| [72047] Apache Geronimo hash denial of service
12218| [72016] Apache Tomcat hash denial of service
12219| [71711] Apache Struts OGNL expression code execution
12220| [71654] Apache Struts interfaces security bypass
12221| [71620] Apache ActiveMQ failover denial of service
12222| [71617] Apache HTTP Server mod_proxy module information disclosure
12223| [71508] Apache MyFaces EL security bypass
12224| [71445] Apache HTTP Server mod_proxy security bypass
12225| [71203] Apache Tomcat servlets privilege escalation
12226| [71181] Apache HTTP Server ap_pregsub() denial of service
12227| [71093] Apache HTTP Server ap_pregsub() buffer overflow
12228| [70336] Apache HTTP Server mod_proxy information disclosure
12229| [69804] Apache HTTP Server mod_proxy_ajp denial of service
12230| [69472] Apache Tomcat AJP security bypass
12231| [69396] Apache HTTP Server ByteRange filter denial of service
12232| [69394] Apache Wicket multi window support cross-site scripting
12233| [69176] Apache Tomcat XML information disclosure
12234| [69161] Apache Tomcat jsvc information disclosure
12235| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
12236| [68541] Apache Tomcat sendfile information disclosure
12237| [68420] Apache XML Security denial of service
12238| [68238] Apache Tomcat JMX information disclosure
12239| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
12240| [67804] Apache Subversion control rules information disclosure
12241| [67803] Apache Subversion control rules denial of service
12242| [67802] Apache Subversion baselined denial of service
12243| [67672] Apache Archiva multiple cross-site scripting
12244| [67671] Apache Archiva multiple cross-site request forgery
12245| [67564] Apache APR apr_fnmatch() denial of service
12246| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
12247| [67515] Apache Tomcat annotations security bypass
12248| [67480] Apache Struts s:submit information disclosure
12249| [67414] Apache APR apr_fnmatch() denial of service
12250| [67356] Apache Struts javatemplates cross-site scripting
12251| [67354] Apache Struts Xwork cross-site scripting
12252| [66676] Apache Tomcat HTTP BIO information disclosure
12253| [66675] Apache Tomcat web.xml security bypass
12254| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
12255| [66241] Apache HttpComponents information disclosure
12256| [66154] Apache Tomcat ServletSecurity security bypass
12257| [65971] Apache Tomcat ServletSecurity security bypass
12258| [65876] Apache Subversion mod_dav_svn denial of service
12259| [65343] Apache Continuum unspecified cross-site scripting
12260| [65162] Apache Tomcat NIO connector denial of service
12261| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
12262| [65160] Apache Tomcat HTML Manager interface cross-site scripting
12263| [65159] Apache Tomcat ServletContect security bypass
12264| [65050] Apache CouchDB web-based administration UI cross-site scripting
12265| [64773] Oracle HTTP Server Apache Plugin unauthorized access
12266| [64473] Apache Subversion blame -g denial of service
12267| [64472] Apache Subversion walk() denial of service
12268| [64407] Apache Axis2 CVE-2010-0219 code execution
12269| [63926] Apache Archiva password privilege escalation
12270| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
12271| [63493] Apache Archiva credentials cross-site request forgery
12272| [63477] Apache Tomcat HttpOnly session hijacking
12273| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
12274| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
12275| [62959] Apache Shiro filters security bypass
12276| [62790] Apache Perl cgi module denial of service
12277| [62576] Apache Qpid exchange denial of service
12278| [62575] Apache Qpid AMQP denial of service
12279| [62354] Apache Qpid SSL denial of service
12280| [62235] Apache APR-util apr_brigade_split_line() denial of service
12281| [62181] Apache XML-RPC SAX Parser information disclosure
12282| [61721] Apache Traffic Server cache poisoning
12283| [61202] Apache Derby BUILTIN authentication functionality information disclosure
12284| [61186] Apache CouchDB Futon cross-site request forgery
12285| [61169] Apache CXF DTD denial of service
12286| [61070] Apache Jackrabbit search.jsp SQL injection
12287| [61006] Apache SLMS Quoting cross-site request forgery
12288| [60962] Apache Tomcat time cross-site scripting
12289| [60883] Apache mod_proxy_http information disclosure
12290| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
12291| [60264] Apache Tomcat Transfer-Encoding denial of service
12292| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
12293| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
12294| [59413] Apache mod_proxy_http timeout information disclosure
12295| [59058] Apache MyFaces unencrypted view state cross-site scripting
12296| [58827] Apache Axis2 xsd file include
12297| [58790] Apache Axis2 modules cross-site scripting
12298| [58299] Apache ActiveMQ queueBrowse cross-site scripting
12299| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
12300| [58056] Apache ActiveMQ .jsp source code disclosure
12301| [58055] Apache Tomcat realm name information disclosure
12302| [58046] Apache HTTP Server mod_auth_shadow security bypass
12303| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
12304| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
12305| [57429] Apache CouchDB algorithms information disclosure
12306| [57398] Apache ActiveMQ Web console cross-site request forgery
12307| [57397] Apache ActiveMQ createDestination.action cross-site scripting
12308| [56653] Apache HTTP Server DNS spoofing
12309| [56652] Apache HTTP Server DNS cross-site scripting
12310| [56625] Apache HTTP Server request header information disclosure
12311| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
12312| [56623] Apache HTTP Server mod_proxy_ajp denial of service
12313| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
12314| [55857] Apache Tomcat WAR files directory traversal
12315| [55856] Apache Tomcat autoDeploy attribute security bypass
12316| [55855] Apache Tomcat WAR directory traversal
12317| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
13263| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
13264| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
13265| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
13266| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
13267| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
13268| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
13269| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
13270| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
13271| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
13272| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
13273| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
13274| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
13275| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
13276| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
13277| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
13278| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
13279| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
13280| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
13281| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
13282| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
13283| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
13284| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
13285| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
13286| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
13287| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
13288| [1008920] Apache mod_digest May Validate Replayed Client Responses
13289| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
13290| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
13291| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
13292| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
13293| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
13294| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
13295| [1008030] Apache mod_rewrite Contains a Buffer Overflow
13296| [1008029] Apache mod_alias Contains a Buffer Overflow
13297| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
13298| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
13299| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
13300| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
13301| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
13302| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
13303| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
13304| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
13305| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
13306| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
13307| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
13308| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
13309| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
13310| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
13311| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
13312| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
13313| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
13314| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
13315| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
13316| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
13317| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
13318| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
13319| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
13320| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
13321| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
13322| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
13323| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
13324| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
13325| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
13326| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
13327| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
13328| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
13329| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
13330| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
13331| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
13332| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
13333| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
13334| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
13335| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13336| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13337| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
13338| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
13339| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
13340| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
13341| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
13342| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
13343| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
13344| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
13345| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
13346| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
13347| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
13348| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
13349| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
13350| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
13351| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
13352| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
13353|
13354| OSVDB - http://www.osvdb.org:
13355| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
13356| [96077] Apache CloudStack Global Settings Multiple Field XSS
13357| [96076] Apache CloudStack Instances Menu Display Name Field XSS
13358| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
13359| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
13360| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
13361| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
13362| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
13363| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
13364| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
13365| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
13366| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
13367| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13368| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
13369| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
13370| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
13371| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
13372| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13373| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
13374| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
13375| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
13376| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
13377| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
13378| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
13379| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
13380| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
13381| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
13382| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
13383| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
13384| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
13385| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
13386| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
13387| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
13388| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
13389| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
13390| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
13391| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
13392| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
13393| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
13394| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
13395| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
13396| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
13397| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
13398| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
13399| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
13400| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
13401| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
13402| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
13403| [94279] Apache Qpid CA Certificate Validation Bypass
13404| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
13405| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
13406| [94042] Apache Axis JAX-WS Java Unspecified Exposure
13407| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
13408| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
13409| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
13410| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
13411| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
13412| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
13413| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
13414| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
13415| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
13416| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
13417| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
13418| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
13419| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
13420| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
13421| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
13422| [93541] Apache Solr json.wrf Callback XSS
13423| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
13424| [93521] Apache jUDDI Security API Token Session Persistence Weakness
13425| [93520] Apache CloudStack Default SSL Key Weakness
13426| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
13427| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
13428| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
13429| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
13430| [93515] Apache HBase table.jsp name Parameter XSS
13431| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
13432| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
13433| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
13434| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
13435| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
13436| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
13437| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
13438| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
13439| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
13440| [93252] Apache Tomcat FORM Authenticator Session Fixation
13441| [93172] Apache Camel camel/endpoints/ Endpoint XSS
13442| [93171] Apache Sling HtmlResponse Error Message XSS
13443| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
13444| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
13445| [93168] Apache Click ErrorReport.java id Parameter XSS
13446| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
13447| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
13448| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
13449| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
13450| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
13451| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
13452| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
13453| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
13454| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
13455| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
13456| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
13457| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
13458| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
13459| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
13460| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
13461| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
13462| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
13463| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
13464| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
13465| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
13466| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
13467| [93144] Apache Solr Admin Command Execution CSRF
13468| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
13469| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
13470| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
13471| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
13472| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
13473| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
13474| [92748] Apache CloudStack VM Console Access Restriction Bypass
13475| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
13476| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
13477| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
13478| [92706] Apache ActiveMQ Debug Log Rendering XSS
13479| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
13480| [92270] Apache Tomcat Unspecified CSRF
13481| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
13482| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
13483| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
13484| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
13485| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
13486| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
13487| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
13488| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
13489| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
13490| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
13491| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
13492| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
13493| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
13494| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
13495| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
13496| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
13497| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
13498| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
13499| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
13500| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
13501| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
13502| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
13503| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
13504| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
13505| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
13506| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
13507| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
13508| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
13509| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
13510| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
13511| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
13512| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
13513| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
13514| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
13515| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
13516| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
13517| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
13518| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
13519| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
13520| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
13521| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
13522| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
13523| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
13524| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
13525| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
13526| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
13527| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
13528| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
13529| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
13530| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
13531| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
13532| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
13533| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
13534| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
13535| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
13536| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
13537| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
13538| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
13539| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
13540| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
13541| [86901] Apache Tomcat Error Message Path Disclosure
13542| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
13543| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
13544| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
13545| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
13546| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
13547| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
13548| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
13549| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
13550| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
13551| [85430] Apache mod_pagespeed Module Unspecified XSS
13552| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
13553| [85249] Apache Wicket Unspecified XSS
13554| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
13555| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
13556| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
13557| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
13558| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
13559| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
13560| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
13561| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
13562| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
13563| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
13564| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
13565| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
13566| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
13567| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
13568| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
13569| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
13570| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
13571| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
13572| [83339] Apache Roller Blogger Roll Unspecified XSS
13573| [83270] Apache Roller Unspecified Admin Action CSRF
13574| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
13575| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
13576| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
13577| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
13578| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
13579| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
13580| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
13581| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
13582| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
13583| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
13584| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
13585| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
13586| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
13587| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
13588| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
13589| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
13590| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
13591| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
13592| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
13593| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
13594| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
13595| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
13596| [80300] Apache Wicket wicket:pageMapName Parameter XSS
13597| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
13598| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
13599| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
13600| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
13601| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
13602| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
13603| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
13604| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
13605| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
13606| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
13607| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
13608| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
13609| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
13610| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
13611| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
13612| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
13613| [78331] Apache Tomcat Request Object Recycling Information Disclosure
13614| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
13615| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
13616| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
13617| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
13618| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
13619| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
13620| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
13621| [77593] Apache Struts Conversion Error OGNL Expression Injection
13622| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
13623| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
13624| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
13625| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
13626| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
13627| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
13628| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
13629| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
13630| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
13631| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
13632| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
13633| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
13634| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
13635| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
13636| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
13637| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
13638| [74725] Apache Wicket Multi Window Support Unspecified XSS
13639| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
13640| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
13641| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
13642| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
13643| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
13644| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
13645| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
13646| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
13647| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
13648| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
13649| [73644] Apache XML Security Signature Key Parsing Overflow DoS
13650| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
13651| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
13652| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
13653| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
13654| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
13655| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
13656| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
13657| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
13658| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
13659| [73154] Apache Archiva Multiple Unspecified CSRF
13660| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
13661| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
13662| [72238] Apache Struts Action / Method Names <
13663| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
13664| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
13665| [71557] Apache Tomcat HTML Manager Multiple XSS
13666| [71075] Apache Archiva User Management Page XSS
13667| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
13668| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
13669| [70924] Apache Continuum Multiple Admin Function CSRF
13670| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
13671| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
13672| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
13673| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
13674| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
13675| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
13676| [69520] Apache Archiva Administrator Credential Manipulation CSRF
13677| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
13678| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
13679| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
13680| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
13681| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
13682| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
13683| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
13684| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
13685| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
13686| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
13687| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
13688| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
13689| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
13690| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
13691| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
13692| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
13693| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
13694| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
13695| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
13696| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
13697| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
13698| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
13699| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
13700| [65054] Apache ActiveMQ Jetty Error Handler XSS
13701| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
13702| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
13703| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
13704| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
13705| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
13706| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
13707| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
13708| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
13709| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
13710| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
13711| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
13712| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
13713| [63895] Apache HTTP Server mod_headers Unspecified Issue
13714| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
13715| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
13716| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
13717| [63140] Apache Thrift Service Malformed Data Remote DoS
13718| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
13719| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
13720| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
13721| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
13722| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
13723| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
13724| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
13725| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
13726| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
13727| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
13728| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
13729| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
13730| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
13731| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
13732| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
13733| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
13734| [60678] Apache Roller Comment Email Notification Manipulation DoS
13735| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
13736| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
13737| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
13738| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
13739| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
13740| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
13741| [60232] PHP on Apache php.exe Direct Request Remote DoS
13742| [60176] Apache Tomcat Windows Installer Admin Default Password
13743| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
13744| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
13745| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
13746| [59944] Apache Hadoop jobhistory.jsp XSS
13747| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
13748| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
13749| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
13750| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
13751| [59019] Apache mod_python Cookie Salting Weakness
13752| [59018] Apache Harmony Error Message Handling Overflow
13753| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
13754| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
13755| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
13756| [59010] Apache Solr get-file.jsp XSS
13757| [59009] Apache Solr action.jsp XSS
13758| [59008] Apache Solr analysis.jsp XSS
13759| [59007] Apache Solr schema.jsp Multiple Parameter XSS
13760| [59006] Apache Beehive select / checkbox Tag XSS
13761| [59005] Apache Beehive jpfScopeID Global Parameter XSS
13762| [59004] Apache Beehive Error Message XSS
13763| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
13764| [59002] Apache Jetspeed default-page.psml URI XSS
13765| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
13766| [59000] Apache CXF Unsigned Message Policy Bypass
13767| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
13768| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
13769| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
13770| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
13771| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
13772| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
13773| [58993] Apache Hadoop browseBlock.jsp XSS
13774| [58991] Apache Hadoop browseDirectory.jsp XSS
13775| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
13776| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
13777| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
13778| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
13779| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
13780| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
13781| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
13782| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
13783| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
13784| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
13785| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
13786| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
13787| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
13788| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
13789| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
13790| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
13791| [58974] Apache Sling /apps Script User Session Management Access Weakness
13792| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
13793| [58931] Apache Geronimo Cookie Parameters Validation Weakness
13794| [58930] Apache Xalan-C++ XPath Handling Remote DoS
13795| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
13796| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
13797| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
13798| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
13799| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
13800| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
13801| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
13802| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
13803| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
13804| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
13805| [58805] Apache Derby Unauthenticated Database / Admin Access
13806| [58804] Apache Wicket Header Contribution Unspecified Issue
13807| [58803] Apache Wicket Session Fixation
13808| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
13809| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
13810| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
13811| [58799] Apache Tapestry Logging Cleartext Password Disclosure
13812| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
13813| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
13814| [58796] Apache Jetspeed Unsalted Password Storage Weakness
13815| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
13816| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
13817| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
13818| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
13819| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
13820| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
13821| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
13822| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
13823| [58775] Apache JSPWiki preview.jsp action Parameter XSS
13824| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
13825| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
13826| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
13827| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
13828| [58770] Apache JSPWiki Group.jsp group Parameter XSS
13829| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
13830| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
13831| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
13832| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
13833| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
13834| [58763] Apache JSPWiki Include Tag Multiple Script XSS
13835| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
13836| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
13837| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
13838| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
13839| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
13840| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
13841| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
13842| [58755] Apache Harmony DRLVM Non-public Class Member Access
13843| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
13844| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
13845| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
13846| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
13847| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
13848| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
13849| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
13850| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
13851| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
13852| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
13853| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
13854| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
13855| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
13856| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
13857| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
13858| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
13859| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
13860| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
13861| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
13862| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
13863| [58725] Apache Tapestry Basic String ACL Bypass Weakness
13864| [58724] Apache Roller Logout Functionality Failure Session Persistence
13865| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
13866| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
13867| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
13868| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
13869| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
13870| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
13871| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
13872| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
13873| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
13874| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
13875| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
13876| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
13877| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
13878| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
13879| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
13880| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
13881| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
13882| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
13883| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
13884| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
13885| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
13886| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
13887| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
13888| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
13889| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
13890| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
13891| [58687] Apache Axis Invalid wsdl Request XSS
13892| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
13893| [58685] Apache Velocity Template Designer Privileged Code Execution
13894| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
13895| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
13896| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
13897| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
13898| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
13899| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
13900| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
13901| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
13902| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
13903| [58667] Apache Roller Database Cleartext Passwords Disclosure
13904| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
13905| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
13906| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
13907| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
13908| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
13909| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
13910| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
13911| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
13912| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
13913| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
13914| [56984] Apache Xerces2 Java Malformed XML Input DoS
13915| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
13916| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
13917| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
13918| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
13919| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
13920| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
13921| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
13922| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
13923| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
13924| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
13925| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
13926| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
13927| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
13928| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
13929| [55056] Apache Tomcat Cross-application TLD File Manipulation
13930| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
13931| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
13932| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
13933| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
13934| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
13935| [54589] Apache Jserv Nonexistent JSP Request XSS
13936| [54122] Apache Struts s:a / s:url Tag href Element XSS
13937| [54093] Apache ActiveMQ Web Console JMS Message XSS
13938| [53932] Apache Geronimo Multiple Admin Function CSRF
13939| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
13940| [53930] Apache Geronimo /console/portal/ URI XSS
13941| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
13942| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
13943| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
13944| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
13945| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
13946| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
13947| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
13948| [53380] Apache Struts Unspecified XSS
13949| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
13950| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
13951| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
13952| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
13953| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
13954| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
13955| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
13956| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
13957| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
13958| [51151] Apache Roller Search Function q Parameter XSS
13959| [50482] PHP with Apache php_value Order Unspecified Issue
13960| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
13961| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
13962| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
13963| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
13964| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
13965| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
13966| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
13967| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
13968| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
13969| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
13970| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
13971| [47096] Oracle Weblogic Apache Connector POST Request Overflow
13972| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
13973| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
13974| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
13975| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
13976| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
13977| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
13978| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
13979| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
13980| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
13981| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
13982| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
13983| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
13984| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
13985| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
13986| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
13987| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
13988| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
13989| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
13990| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
13991| [43452] Apache Tomcat HTTP Request Smuggling
13992| [43309] Apache Geronimo LoginModule Login Method Bypass
13993| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
13994| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
13995| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
13996| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
13997| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
13998| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
13999| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
14000| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
14001| [42091] Apache Maven Site Plugin Installation Permission Weakness
14002| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
14003| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
14004| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
14005| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
14006| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
14007| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
14008| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
14009| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
14010| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
14011| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
14012| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
14013| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
14014| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
14015| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
14016| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
14017| [40262] Apache HTTP Server mod_status refresh XSS
14018| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
14019| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
14020| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
14021| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
14022| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
14023| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
14024| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
14025| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
14026| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
14027| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
14028| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
14029| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
14030| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
14031| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
14032| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
14033| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
14034| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
14035| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
14036| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
14037| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
14038| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
14039| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
14040| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
14041| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
14042| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
14043| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
14044| [36080] Apache Tomcat JSP Examples Crafted URI XSS
14045| [36079] Apache Tomcat Manager Uploaded Filename XSS
14046| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
14047| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
14048| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
14049| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
14050| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
14051| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
14052| [34881] Apache Tomcat Malformed Accept-Language Header XSS
14053| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
14054| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
14055| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
14056| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
14057| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
14058| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
14059| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
14060| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
14061| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
14062| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
14063| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
14064| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
14065| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
14066| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
14067| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
14068| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
14069| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
14070| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
14071| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
14072| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
14073| [32724] Apache mod_python _filter_read Freed Memory Disclosure
14074| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
14075| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
14076| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
14077| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
14078| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
14079| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
14080| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
14081| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
14082| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
14083| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
14084| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
14085| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
14086| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
14087| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
14088| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
14089| [24365] Apache Struts Multiple Function Error Message XSS
14090| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
14091| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
14092| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
14093| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
14094| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
14095| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
14096| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
14097| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
14098| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
14099| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
14100| [22459] Apache Geronimo Error Page XSS
14101| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
14102| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
14103| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
14104| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
14105| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
14106| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
14107| [21021] Apache Struts Error Message XSS
14108| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
14109| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
14110| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
14111| [20439] Apache Tomcat Directory Listing Saturation DoS
14112| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
14113| [20285] Apache HTTP Server Log File Control Character Injection
14114| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
14115| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
14116| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
14117| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
14118| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
14119| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
14120| [19821] Apache Tomcat Malformed Post Request Information Disclosure
14121| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
14122| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
14123| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
14124| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
14125| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
14126| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
14127| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
14128| [18233] Apache HTTP Server htdigest user Variable Overfow
14129| [17738] Apache HTTP Server HTTP Request Smuggling
14130| [16586] Apache HTTP Server Win32 GET Overflow DoS
14131| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
14132| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
14133| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
14134| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
14135| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
14136| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
14137| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
14138| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
14139| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
14140| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
14141| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
14142| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
14143| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
14144| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
14145| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
14146| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
14147| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
14148| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
14149| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
14150| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
14151| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
14152| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
14153| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
14154| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
14155| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
14156| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
14157| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
14158| [13304] Apache Tomcat realPath.jsp Path Disclosure
14159| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
14160| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
14161| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
14162| [12848] Apache HTTP Server htdigest realm Variable Overflow
14163| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
14164| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
14165| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
14166| [12557] Apache HTTP Server prefork MPM accept Error DoS
14167| [12233] Apache Tomcat MS-DOS Device Name Request DoS
14168| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
14169| [12231] Apache Tomcat web.xml Arbitrary File Access
14170| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
14171| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
14172| [12178] Apache Jakarta Lucene results.jsp XSS
14173| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
14174| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
14175| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
14176| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
14177| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
14178| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
14179| [10471] Apache Xerces-C++ XML Parser DoS
14180| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
14181| [10068] Apache HTTP Server htpasswd Local Overflow
14182| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
14183| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
14184| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
14185| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
14186| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
14187| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
14188| [9717] Apache HTTP Server mod_cookies Cookie Overflow
14189| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
14190| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
14191| [9714] Apache Authentication Module Threaded MPM DoS
14192| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
14193| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
14194| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
14195| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
14196| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
14197| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
14198| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
14199| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
14200| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
14201| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
14202| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
14203| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
14204| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
14205| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
14206| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
14207| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
14208| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
14209| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
14210| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
14211| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
14212| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
14213| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
14214| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
14215| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
14216| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
14217| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
14218| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
14219| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
14220| [9208] Apache Tomcat .jsp Encoded Newline XSS
14221| [9204] Apache Tomcat ROOT Application XSS
14222| [9203] Apache Tomcat examples Application XSS
14223| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
14224| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
14225| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
14226| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
14227| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
14228| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
14229| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
14230| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
14231| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
14232| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
14233| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
14234| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
14235| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
14236| [7611] Apache HTTP Server mod_alias Local Overflow
14237| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
14238| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
14239| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
14240| [6882] Apache mod_python Malformed Query String Variant DoS
14241| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
14242| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
14243| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
14244| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
14245| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
14246| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
14247| [5526] Apache Tomcat Long .JSP URI Path Disclosure
14248| [5278] Apache Tomcat web.xml Restriction Bypass
14249| [5051] Apache Tomcat Null Character DoS
14250| [4973] Apache Tomcat servlet Mapping XSS
14251| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
14252| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
14253| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
14254| [4568] mod_survey For Apache ENV Tags SQL Injection
14255| [4553] Apache HTTP Server ApacheBench Overflow DoS
14256| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
14257| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
14258| [4383] Apache HTTP Server Socket Race Condition DoS
14259| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
14260| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
14261| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
14262| [4231] Apache Cocoon Error Page Server Path Disclosure
14263| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
14264| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
14265| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
14266| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
14267| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
14268| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
14269| [3322] mod_php for Apache HTTP Server Process Hijack
14270| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
14271| [2885] Apache mod_python Malformed Query String DoS
14272| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
14273| [2733] Apache HTTP Server mod_rewrite Local Overflow
14274| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
14275| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
14276| [2149] Apache::Gallery Privilege Escalation
14277| [2107] Apache HTTP Server mod_ssl Host: Header XSS
14278| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
14279| [1833] Apache HTTP Server Multiple Slash GET Request DoS
14280| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
14281| [872] Apache Tomcat Multiple Default Accounts
14282| [862] Apache HTTP Server SSI Error Page XSS
14283| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
14284| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
14285| [845] Apache Tomcat MSDOS Device XSS
14286| [844] Apache Tomcat Java Servlet Error Page XSS
14287| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
14288| [838] Apache HTTP Server Chunked Encoding Remote Overflow
14289| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
14290| [775] Apache mod_python Module Importing Privilege Function Execution
14291| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
14292| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
14293| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
14294| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
14295| [637] Apache HTTP Server UserDir Directive Username Enumeration
14296| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
14297| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
14298| [562] Apache HTTP Server mod_info /server-info Information Disclosure
14299| [561] Apache Web Servers mod_status /server-status Information Disclosure
14300| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
14301| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
14302| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
14303| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
14304| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
14305| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
14306| [376] Apache Tomcat contextAdmin Arbitrary File Access
14307| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
14308| [222] Apache HTTP Server test-cgi Arbitrary File Access
14309| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
14310| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
14311|_
465/tcp open ssl/smtp Exim smtpd 4.92
14313| vulscan: VulDB - https://vuldb.com:
14314| [141327] Exim up to 4.92.1 Backslash privilege escalation
14315| [138827] Exim up to 4.92 Expansion Code Execution
14316| [135932] Exim up to 4.92 privilege escalation
14317| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
14318|
14319| MITRE CVE - https://cve.mitre.org:
14320| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
14321| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
14322| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
14323| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
14324| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
14325| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
14326| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
14327| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
14328| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
14329| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
14330| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
14331| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
14332| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
14333| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
14334| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
14335| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
14336|
14337| SecurityFocus - https://www.securityfocus.com/bid/:
14338| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
14339| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
14340| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
14341| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
14342| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
14343| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
14344| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
14345| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
14346| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
14347| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
14348| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
14349| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
14350| [45308] Exim Crafted Header Remote Code Execution Vulnerability
14351| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
14352| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
14353| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
14354| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
14355| [17110] sa-exim Unauthorized File Access Vulnerability
14356| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
14357| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
14358| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
14359| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
14360| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
14361| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
14362| [6314] Exim Internet Mailer Format String Vulnerability
14363| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
14364| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
14365| [2828] Exim Format String Vulnerability
14366| [1859] Exim Buffer Overflow Vulnerability
14367|
14368| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14369| [84758] Exim sender_address parameter command execution
14370| [84015] Exim command execution
14371| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
14372| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
14373| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
14374| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
14375| [67455] Exim DKIM processing code execution
14376| [67299] Exim dkim_exim_verify_finish() format string
14377| [65028] Exim open_log privilege escalation
14378| [63967] Exim config file privilege escalation
14379| [63960] Exim header buffer overflow
14380| [59043] Exim mail directory privilege escalation
14381| [59042] Exim MBX symlink
14382| [52922] ikiwiki teximg plugin information disclosure
14383| [34265] Exim spamd buffer overflow
14384| [25286] Sa-exim greylistclean.cron file deletion
14385| [22687] RHSA-2005:025 updates for exim not installed
14386| [18901] Exim dns_build_reverse buffer overflow
14387| [18764] Exim spa_base64_to_bits function buffer overflow
14388| [18763] Exim host_aton buffer overflow
14389| [16079] Exim require_verify buffer overflow
14390| [16077] Exim header_check_syntax buffer overflow
14391| [16075] Exim sender_verify buffer overflow
14392| [13067] Exim HELO or EHLO command heap overflow
14393| [10761] Exim daemon.c format string
14394| [8194] Exim configuration file -c command-line argument buffer overflow
14395| [7738] Exim allows attacker to hide commands in localhost names using pipes
14396| [6671] Exim "
14397| [1893] Exim MTA allows local users to gain root privileges
14398|
14399| Exploit-DB - https://www.exploit-db.com:
14400| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
14401| [15725] Exim 4.63 Remote Root Exploit
14402| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
14403| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
14404| [796] Exim <= 4.42 Local Root Exploit
14405| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
14406|
14407| OpenVAS (Nessus) - http://www.openvas.org:
14408| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
14409|
14410| SecurityTracker - https://www.securitytracker.com:
14411| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
14412| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
14413| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
14414| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
14415| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
14416| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
14417| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
14418| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
14419| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
14420| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
14421| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
14422| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
14423|
14424| OSVDB - http://www.osvdb.org:
14425| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14426| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
14427| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
14428| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
14429| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
14430| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
14431| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
14432| [70696] Exim log.c open_log() Function Local Privilege Escalation
14433| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
14434| [69685] Exim string_format Function Remote Overflow
14435| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
14436| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
14437| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
14438| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
14439| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
14440| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
14441| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
14442| [12726] Exim -be Command Line Option host_aton Function Local Overflow
14443| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
14444| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
14445| [10032] libXpm CreateXImage Function Integer Overflow
14446| [7160] Exim .forward :include: Option Privilege Escalation
14447| [6479] Vexim COOKIE Authentication Credential Disclosure
14448| [6478] Vexim Multiple Parameter SQL Injection
14449| [5930] Exim Parenthesis File Name Filter Bypass
14450| [5897] Exim header_syntax Function Remote Overflow
14451| [5896] Exim sender_verify Function Remote Overflow
14452| [5530] Exim Localhost Name Arbitrary Command Execution
14453| [5330] Exim Configuration File Variable Overflow
14454| [1855] Exim Batched SMTP Mail Header Format String
14455|_
587/tcp open smtp Exim smtpd 4.92
14457| vulscan: VulDB - https://vuldb.com:
14458| [141327] Exim up to 4.92.1 Backslash privilege escalation
14459| [138827] Exim up to 4.92 Expansion Code Execution
14460| [135932] Exim up to 4.92 privilege escalation
14461| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
14462|
14463| MITRE CVE - https://cve.mitre.org:
14464| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
14465| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
14466| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
14467| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
14468| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
14469| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
14470| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
14471| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
14472| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
14473| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
14474| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
14475| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
14476| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
14477| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
14478| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
14479| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
14480|
14481| SecurityFocus - https://www.securityfocus.com/bid/:
14482| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
14483| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
14484| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
14485| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
14486| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
14487| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
14488| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
14489| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
14490| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
14491| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
14492| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
14493| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
14494| [45308] Exim Crafted Header Remote Code Execution Vulnerability
14495| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
14496| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
14497| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
14498| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
14499| [17110] sa-exim Unauthorized File Access Vulnerability
14500| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
14501| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
14502| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
14503| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
14504| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
14505| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
14506| [6314] Exim Internet Mailer Format String Vulnerability
14507| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
14508| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
14509| [2828] Exim Format String Vulnerability
14510| [1859] Exim Buffer Overflow Vulnerability
14511|
14512| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14513| [84758] Exim sender_address parameter command execution
14514| [84015] Exim command execution
14515| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
14516| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
14517| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
14518| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
14519| [67455] Exim DKIM processing code execution
14520| [67299] Exim dkim_exim_verify_finish() format string
14521| [65028] Exim open_log privilege escalation
14522| [63967] Exim config file privilege escalation
14523| [63960] Exim header buffer overflow
14524| [59043] Exim mail directory privilege escalation
14525| [59042] Exim MBX symlink
14526| [52922] ikiwiki teximg plugin information disclosure
14527| [34265] Exim spamd buffer overflow
14528| [25286] Sa-exim greylistclean.cron file deletion
14529| [22687] RHSA-2005:025 updates for exim not installed
14530| [18901] Exim dns_build_reverse buffer overflow
14531| [18764] Exim spa_base64_to_bits function buffer overflow
14532| [18763] Exim host_aton buffer overflow
14533| [16079] Exim require_verify buffer overflow
14534| [16077] Exim header_check_syntax buffer overflow
14535| [16075] Exim sender_verify buffer overflow
14536| [13067] Exim HELO or EHLO command heap overflow
14537| [10761] Exim daemon.c format string
14538| [8194] Exim configuration file -c command-line argument buffer overflow
14539| [7738] Exim allows attacker to hide commands in localhost names using pipes
14540| [6671] Exim "
14541| [1893] Exim MTA allows local users to gain root privileges
14542|
14543| Exploit-DB - https://www.exploit-db.com:
14544| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
14545| [15725] Exim 4.63 Remote Root Exploit
14546| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
14547| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
14548| [796] Exim <= 4.42 Local Root Exploit
14549| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
14550|
14551| OpenVAS (Nessus) - http://www.openvas.org:
14552| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
14553|
14554| SecurityTracker - https://www.securitytracker.com:
14555| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
14556| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
14557| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
14558| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
14559| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
14560| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
14561| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
14562| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
14563| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
14564| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
14565| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
14566| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
14567|
14568| OSVDB - http://www.osvdb.org:
14569| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14570| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
14571| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
14572| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
14573| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
14574| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
14575| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
14576| [70696] Exim log.c open_log() Function Local Privilege Escalation
14577| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
14578| [69685] Exim string_format Function Remote Overflow
14579| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
14580| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
14581| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
14582| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
14583| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
14584| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
14585| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
14586| [12726] Exim -be Command Line Option host_aton Function Local Overflow
14587| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
14588| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
14589| [10032] libXpm CreateXImage Function Integer Overflow
14590| [7160] Exim .forward :include: Option Privilege Escalation
14591| [6479] Vexim COOKIE Authentication Credential Disclosure
14592| [6478] Vexim Multiple Parameter SQL Injection
14593| [5930] Exim Parenthesis File Name Filter Bypass
14594| [5897] Exim header_syntax Function Remote Overflow
14595| [5896] Exim sender_verify Function Remote Overflow
14596| [5530] Exim Localhost Name Arbitrary Command Execution
14597| [5330] Exim Configuration File Variable Overflow
14598| [1855] Exim Batched SMTP Mail Header Format String
14599|_
993/tcp open ssl/imap Dovecot imapd
14601| vulscan: VulDB - https://vuldb.com:
14602| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
14603| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
14604| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
14605| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
14606| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
14607| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
14608| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
14609| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
14610| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
14611| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
14612| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
14613| [69835] Dovecot 2.2.0/2.2.1 denial of service
14614| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
14615| [65684] Dovecot up to 2.2.6 unknown vulnerability
14616| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
14617| [63692] Dovecot up to 2.0.15 spoofing
14618| [7062] Dovecot 2.1.10 mail-search.c denial of service
14619| [59792] Cyrus IMAPd 2.4.11 weak authentication
14620| [57517] Dovecot up to 2.0.12 Login directory traversal
14621| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
14622| [57515] Dovecot up to 2.0.12 Crash denial of service
14623| [54944] Dovecot up to 1.2.14 denial of service
14624| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
14625| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
14626| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
14627| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
14628| [53277] Dovecot up to 1.2.10 denial of service
14629| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
14630| [45256] Dovecot up to 1.1.5 directory traversal
14631| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
14632| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
14633| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
14634| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
14635| [40356] Dovecot 1.0.9 Cache unknown vulnerability
14636| [38222] Dovecot 1.0.2 directory traversal
14637| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
14638| [36376] Dovecot up to 1.0.x directory traversal
14639| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
14640| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
14641|
14642| MITRE CVE - https://cve.mitre.org:
14643| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
14644| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
14645| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
14646| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
14647| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
14648| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
14649| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
14650| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
14651| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
14652| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
14653| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
14654| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
14655| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
14656| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
14657| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
14658| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
14659| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
14660| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
14661| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
14662| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
14663| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
14664| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
14665| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
14666| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
14667| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
14668| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
14669| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
14670| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
14671| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
14672| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
14673| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
14674| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
14675| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
14676| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
14677| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
14678| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
14679| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
14680| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
14681| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
14682| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
14683| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
14684| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
14685| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
14686| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
14687| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
14688| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
14689| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
14690| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
14691| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
14692| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
14693| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
14694| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
14695| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
14696| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
14697| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
14698| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
14699| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
14700| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
14701| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
14702|
14703| SecurityFocus - https://www.securityfocus.com/bid/:
14704| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
14705| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
14706| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
14707| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
14708| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
14709| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
14710| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
14711| [67306] Dovecot Denial of Service Vulnerability
14712| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
14713| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
14714| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
14715| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
14716| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
14717| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
14718| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
14719| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
14720| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
14721| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
14722| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
14723| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
14724| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
14725| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
14726| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
14727| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
14728| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
14729| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
14730| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
14731| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
14732| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
14733| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
14734| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
14735| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
14736| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
14737| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
14738| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
14739| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
14740| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
14741| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
14742| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
14743| [17961] Dovecot Remote Information Disclosure Vulnerability
14744| [16672] Dovecot Double Free Denial of Service Vulnerability
14745| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
14746| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
14747| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
14748| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
14749| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
14750| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
14751| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
14752| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
14753| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
14754| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
14755| [130] imapd Buffer Overflow Vulnerability
14756|
14757| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14758| [86382] Dovecot POP3 Service denial of service
14759| [84396] Dovecot IMAP APPEND denial of service
14760| [80453] Dovecot mail-search.c denial of service
14761| [71354] Dovecot SSL Common Name (CN) weak security
14762| [70325] Cyrus IMAPd NNTP security bypass
14763| [67675] Dovecot script-login security bypass
14764| [67674] Dovecot script-login directory traversal
14765| [67589] Dovecot header name denial of service
14766| [63267] Apple Mac OS X Dovecot information disclosure
14767| [62340] Dovecot mailbox security bypass
14768| [62339] Dovecot IMAP or POP3 denial of service
14769| [62256] Dovecot mailbox security bypass
14770| [62255] Dovecot ACL entry security bypass
14771| [60639] Dovecot ACL plugin weak security
14772| [57267] Apple Mac OS X Dovecot Kerberos security bypass
14773| [56763] Dovecot header denial of service
14774| [54363] Dovecot base_dir privilege escalation
14775| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
14776| [47526] UW-imapd rfc822_output_char() denial of service
14777| [46323] Dovecot dovecot.conf information disclosure
14778| [46227] Dovecot message parsing denial of service
14779| [45669] Dovecot ACL mailbox security bypass
14780| [45667] Dovecot ACL plugin rights security bypass
14781| [41085] Dovecot TAB characters authentication bypass
14782| [41009] Dovecot mail_extra_groups option unauthorized access
14783| [39342] Dovecot LDAP auth cache configuration security bypass
14784| [35767] Dovecot ACL plugin security bypass
14785| [34082] Dovecot mbox-storage.c directory traversal
14786| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
14787| [26536] Dovecot IMAP LIST information disclosure
14788| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
14789| [24709] Dovecot APPEND command denial of service
14790| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
14791| [19460] Cyrus IMAP imapd buffer overflow
14792| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
14793| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
14794| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
14795| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
14796| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
14797| [7345] Slackware Linux imapd and ipop3d core dump
14798| [573] Imapd denial of service
14799|
14800| Exploit-DB - https://www.exploit-db.com:
14801| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
14802| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
14803| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
14804| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
14805| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
14806| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
14807| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
14808| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
14809| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
14810| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
14811| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
14812| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
14813| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
14814| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
14815| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
14816| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
14817| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
14818| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
14819| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
14820| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
14821| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
14822| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
14823| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
14824| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
14825| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
14826| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
14827| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
14828| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
14829| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
14830| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
14831| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
14832| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
14833| [340] Linux imapd Remote Overflow File Retrieve Exploit
14834|
14835| OpenVAS (Nessus) - http://www.openvas.org:
14836| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
14837| [901025] Dovecot Version Detection
14838| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
14839| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
14840| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
14841| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
14842| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
14843| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
14844| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
14845| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
14846| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
14847| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
14848| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
14849| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
14850| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
14851| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
14852| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
14853| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
14854| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
14855| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
14856| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
14857| [870607] RedHat Update for dovecot RHSA-2011:0600-01
14858| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
14859| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
14860| [870471] RedHat Update for dovecot RHSA-2011:1187-01
14861| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
14862| [870153] RedHat Update for dovecot RHSA-2008:0297-02
14863| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
14864| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
14865| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
14866| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
14867| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
14868| [863272] Fedora Update for dovecot FEDORA-2011-7612
14869| [863115] Fedora Update for dovecot FEDORA-2011-7258
14870| [861525] Fedora Update for dovecot FEDORA-2007-664
14871| [861394] Fedora Update for dovecot FEDORA-2007-493
14872| [861333] Fedora Update for dovecot FEDORA-2007-1485
14873| [860845] Fedora Update for dovecot FEDORA-2008-9202
14874| [860663] Fedora Update for dovecot FEDORA-2008-2475
14875| [860169] Fedora Update for dovecot FEDORA-2008-2464
14876| [860089] Fedora Update for dovecot FEDORA-2008-9232
14877| [840950] Ubuntu Update for dovecot USN-1295-1
14878| [840668] Ubuntu Update for dovecot USN-1143-1
14879| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
14880| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
14881| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
14882| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
14883| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
14884| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
14885| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
14886| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
14887| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
14888| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
14889| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
14890| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
14891| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
14892| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
14893| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
14894| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
14895| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
14896| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
14897| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
14898| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
14899| [70259] FreeBSD Ports: dovecot
14900| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
14901| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
14902| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
14903| [66522] FreeBSD Ports: dovecot
14904| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
14905| [66233] SLES10: Security update for Cyrus IMAPD
14906| [66226] SLES11: Security update for Cyrus IMAPD
14907| [66222] SLES9: Security update for Cyrus IMAPD
14908| [65938] SLES10: Security update for Cyrus IMAPD
14909| [65723] SLES11: Security update for Cyrus IMAPD
14910| [65523] SLES9: Security update for Cyrus IMAPD
14911| [65479] SLES9: Security update for cyrus-imapd
14912| [65094] SLES9: Security update for cyrus-imapd
14913| [65010] Ubuntu USN-838-1 (dovecot)
14914| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
14915| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
14916| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
14917| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
14918| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
14919| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
14920| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
14921| [64898] FreeBSD Ports: cyrus-imapd
14922| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
14923| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
14924| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
14925| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
14926| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
14927| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
14928| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
14929| [62854] FreeBSD Ports: dovecot-managesieve
14930| [61916] FreeBSD Ports: dovecot
14931| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
14932| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
14933| [60528] FreeBSD Ports: dovecot
14934| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
14935| [60089] FreeBSD Ports: dovecot
14936| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
14937| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
14938| [55807] Slackware Advisory SSA:2005-310-06 imapd
14939| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
14940| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
14941| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
14942| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
14943| [52297] FreeBSD Ports: cyrus-imapd
14944| [52296] FreeBSD Ports: cyrus-imapd
14945| [52295] FreeBSD Ports: cyrus-imapd
14946| [52294] FreeBSD Ports: cyrus-imapd
14947| [52172] FreeBSD Ports: cyrus-imapd
14948|
14949| SecurityTracker - https://www.securitytracker.com:
14950| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
14951| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
14952| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
14953| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
14954|
14955| OSVDB - http://www.osvdb.org:
14956| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
14957| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
14958| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14959| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
14960| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
14961| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
14962| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
14963| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
14964| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
14965| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
14966| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
14967| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
14968| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
14969| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
14970| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
14971| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
14972| [66113] Dovecot Mail Root Directory Creation Permission Weakness
14973| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
14974| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
14975| [66110] Dovecot Multiple Unspecified Buffer Overflows
14976| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
14977| [64783] Dovecot E-mail Message Header Unspecified DoS
14978| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
14979| [62796] Dovecot mbox Format Email Header Handling DoS
14980| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
14981| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
14982| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
14983| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
14984| [52906] UW-imapd c-client Initial Request Remote Format String
14985| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
14986| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
14987| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
14988| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
14989| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
14990| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
14991| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
14992| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
14993| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
14994| [43137] Dovecot mail_extra_groups Symlink File Manipulation
14995| [42979] Dovecot passdbs Argument Injection Authentication Bypass
14996| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
14997| [39876] Dovecot LDAP Auth Cache Security Bypass
14998| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
14999| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
15000| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
15001| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
15002| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
15003| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
15004| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
15005| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
15006| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
15007| [23281] Dovecot imap/pop3-login dovecot-auth DoS
15008| [23280] Dovecot Malformed APPEND Command DoS
15009| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
15010| [13242] UW-imapd CRAM-MD5 Authentication Bypass
15011| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
15012| [12042] UoW imapd Multiple Unspecified Overflows
15013| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
15014| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
15015| [911] UoW imapd AUTHENTICATE Command Remote Overflow
15016| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
15017| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
15018|_
995/tcp open ssl/pop3 Dovecot pop3d
15020| vulscan: VulDB - https://vuldb.com:
15021| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
15022| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
15023| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
15024| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
15025| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
15026| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
15027| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
15028| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
15029| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
15030| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
15031| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
15032| [69835] Dovecot 2.2.0/2.2.1 denial of service
15033| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
15034| [65684] Dovecot up to 2.2.6 unknown vulnerability
15035| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
15036| [63692] Dovecot up to 2.0.15 spoofing
15037| [7062] Dovecot 2.1.10 mail-search.c denial of service
15038| [57517] Dovecot up to 2.0.12 Login directory traversal
15039| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
15040| [57515] Dovecot up to 2.0.12 Crash denial of service
15041| [54944] Dovecot up to 1.2.14 denial of service
15042| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
15043| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
15044| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
15045| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
15046| [53277] Dovecot up to 1.2.10 denial of service
15047| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
15048| [45256] Dovecot up to 1.1.5 directory traversal
15049| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
15050| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
15051| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
15052| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
15053| [40356] Dovecot 1.0.9 Cache unknown vulnerability
15054| [38222] Dovecot 1.0.2 directory traversal
15055| [36376] Dovecot up to 1.0.x directory traversal
15056| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
15057|
15058| MITRE CVE - https://cve.mitre.org:
15059| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
15060| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
15061| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
15062| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
15063| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
15064| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
15065| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
15066| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
15067| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
15068| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
15069| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
15070| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
15071| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
15072| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
15073| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
15074| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
15075| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
15076| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
15077| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
15078| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
15079| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
15080| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
15081| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
15082| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
15083| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
15084| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
15085| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
15086| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
15087| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
15088| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
15089| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
15090| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
15091| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
15092| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
15093| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
15094| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
15095| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
15096|
15097| SecurityFocus - https://www.securityfocus.com/bid/:
15098| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
15099| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
15100| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
15101| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
15102| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
15103| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
15104| [67306] Dovecot Denial of Service Vulnerability
15105| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
15106| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
15107| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
15108| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
15109| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
15110| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
15111| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
15112| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
15113| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
15114| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
15115| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
15116| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
15117| [39838] tpop3d Remote Denial of Service Vulnerability
15118| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
15119| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
15120| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
15121| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
15122| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
15123| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
15124| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
15125| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
15126| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
15127| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
15128| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
15129| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
15130| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
15131| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
15132| [17961] Dovecot Remote Information Disclosure Vulnerability
15133| [16672] Dovecot Double Free Denial of Service Vulnerability
15134| [8495] akpop3d User Name SQL Injection Vulnerability
15135| [8473] Vpop3d Remote Denial Of Service Vulnerability
15136| [3990] ZPop3D Bad Login Logging Failure Vulnerability
15137| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
15138|
15139| IBM X-Force - https://exchange.xforce.ibmcloud.com:
15140| [86382] Dovecot POP3 Service denial of service
15141| [84396] Dovecot IMAP APPEND denial of service
15142| [80453] Dovecot mail-search.c denial of service
15143| [71354] Dovecot SSL Common Name (CN) weak security
15144| [67675] Dovecot script-login security bypass
15145| [67674] Dovecot script-login directory traversal
15146| [67589] Dovecot header name denial of service
15147| [63267] Apple Mac OS X Dovecot information disclosure
15148| [62340] Dovecot mailbox security bypass
15149| [62339] Dovecot IMAP or POP3 denial of service
15150| [62256] Dovecot mailbox security bypass
15151| [62255] Dovecot ACL entry security bypass
15152| [60639] Dovecot ACL plugin weak security
15153| [57267] Apple Mac OS X Dovecot Kerberos security bypass
15154| [56763] Dovecot header denial of service
15155| [54363] Dovecot base_dir privilege escalation
15156| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
15157| [46323] Dovecot dovecot.conf information disclosure
15158| [46227] Dovecot message parsing denial of service
15159| [45669] Dovecot ACL mailbox security bypass
15160| [45667] Dovecot ACL plugin rights security bypass
15161| [41085] Dovecot TAB characters authentication bypass
15162| [41009] Dovecot mail_extra_groups option unauthorized access
15163| [39342] Dovecot LDAP auth cache configuration security bypass
15164| [35767] Dovecot ACL plugin security bypass
15165| [34082] Dovecot mbox-storage.c directory traversal
15166| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
15167| [26578] Cyrus IMAP pop3d buffer overflow
15168| [26536] Dovecot IMAP LIST information disclosure
15169| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
15170| [24709] Dovecot APPEND command denial of service
15171| [13018] akpop3d authentication code SQL injection
15172| [7345] Slackware Linux imapd and ipop3d core dump
15173| [6269] imap, ipop2d and ipop3d buffer overflows
15174| [5923] Linuxconf vpop3d symbolic link
15175| [4918] IPOP3D, Buffer overflow attack
15176| [1560] IPOP3D, user login successful
15177| [1559] IPOP3D user login to remote host successful
15178| [1525] IPOP3D, user logout
15179| [1524] IPOP3D, user auto-logout
15180| [1523] IPOP3D, user login failure
15181| [1522] IPOP3D, brute force attack
15182| [1521] IPOP3D, user kiss of death logout
15183| [418] pop3d mktemp creates insecure temporary files
15184|
15185| Exploit-DB - https://www.exploit-db.com:
15186| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
15187| [23053] Vpop3d Remote Denial of Service Vulnerability
15188| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
15189| [11893] tPop3d 1.5.3 DoS
15190| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
15191| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
15192| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
15193| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
15194|
15195| OpenVAS (Nessus) - http://www.openvas.org:
15196| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
15197| [901025] Dovecot Version Detection
15198| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
15199| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
15200| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
15201| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
15202| [870607] RedHat Update for dovecot RHSA-2011:0600-01
15203| [870471] RedHat Update for dovecot RHSA-2011:1187-01
15204| [870153] RedHat Update for dovecot RHSA-2008:0297-02
15205| [863272] Fedora Update for dovecot FEDORA-2011-7612
15206| [863115] Fedora Update for dovecot FEDORA-2011-7258
15207| [861525] Fedora Update for dovecot FEDORA-2007-664
15208| [861394] Fedora Update for dovecot FEDORA-2007-493
15209| [861333] Fedora Update for dovecot FEDORA-2007-1485
15210| [860845] Fedora Update for dovecot FEDORA-2008-9202
15211| [860663] Fedora Update for dovecot FEDORA-2008-2475
15212| [860169] Fedora Update for dovecot FEDORA-2008-2464
15213| [860089] Fedora Update for dovecot FEDORA-2008-9232
15214| [840950] Ubuntu Update for dovecot USN-1295-1
15215| [840668] Ubuntu Update for dovecot USN-1143-1
15216| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
15217| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
15218| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
15219| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
15220| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
15221| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
15222| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
15223| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
15224| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
15225| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
15226| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
15227| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
15228| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
15229| [70259] FreeBSD Ports: dovecot
15230| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
15231| [66522] FreeBSD Ports: dovecot
15232| [65010] Ubuntu USN-838-1 (dovecot)
15233| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
15234| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
15235| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
15236| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
15237| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
15238| [62854] FreeBSD Ports: dovecot-managesieve
15239| [61916] FreeBSD Ports: dovecot
15240| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
15241| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
15242| [60528] FreeBSD Ports: dovecot
15243| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
15244| [60089] FreeBSD Ports: dovecot
15245| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
15246| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
15247|
15248| SecurityTracker - https://www.securitytracker.com:
15249| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
15250| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
15251| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
15252|
15253| OSVDB - http://www.osvdb.org:
15254| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
15255| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
15256| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
15257| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
15258| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
15259| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
15260| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
15261| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
15262| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
15263| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
15264| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
15265| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
15266| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
15267| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
15268| [66113] Dovecot Mail Root Directory Creation Permission Weakness
15269| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
15270| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
15271| [66110] Dovecot Multiple Unspecified Buffer Overflows
15272| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
15273| [64783] Dovecot E-mail Message Header Unspecified DoS
15274| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
15275| [62796] Dovecot mbox Format Email Header Handling DoS
15276| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
15277| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
15278| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
15279| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
15280| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
15281| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
15282| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
15283| [43137] Dovecot mail_extra_groups Symlink File Manipulation
15284| [42979] Dovecot passdbs Argument Injection Authentication Bypass
15285| [39876] Dovecot LDAP Auth Cache Security Bypass
15286| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
15287| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
15288| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
15289| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
15290| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
15291| [23281] Dovecot imap/pop3-login dovecot-auth DoS
15292| [23280] Dovecot Malformed APPEND Command DoS
15293| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
15294| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
15295| [5857] Linux pop3d Arbitrary Mail File Access
15296| [2471] akpop3d username SQL Injection
15297|_
2222/tcp open ssh OpenSSH 5.3 (protocol 2.0)
15299| vulscan: VulDB - https://vuldb.com:
15300| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
15301| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
15302| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
15303| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
15304|
15305| MITRE CVE - https://cve.mitre.org:
15306| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
15307| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
15308| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
15309| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
15310| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
15311| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
15312| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
15313| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
15314| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
15315|
15316| SecurityFocus - https://www.securityfocus.com/bid/:
15317| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
15318| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
15319| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
15320| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
15321| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
15322| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
15323| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
15324| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
15325| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
15326| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
15327| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
15328| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
15329| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
15330| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
15331| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
15332| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
15333| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
15334| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
15335| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
15336| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
15337| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
15338| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
15339| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
15340| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
15341| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
15342| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
15343| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
15344| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
15345| [75990] OpenSSH Login Handling Security Bypass Weakness
15346| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
15347| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
15348| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
15349| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
15350| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
15351| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
15352| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
15353| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
15354| [61286] OpenSSH Remote Denial of Service Vulnerability
15355| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
15356| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
15357| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
15358| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
15359| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
15360| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
15361| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
15362| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
15363| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
15364| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
15365| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
15366| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
15367| [30794] Red Hat OpenSSH Backdoor Vulnerability
15368| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
15369| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
15370| [28531] OpenSSH ForceCommand Command Execution Weakness
15371| [28444] OpenSSH X Connections Session Hijacking Vulnerability
15372| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
15373| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
15374| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
15375| [20956] OpenSSH Privilege Separation Key Signature Weakness
15376| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
15377| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
15378| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
15379| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
15380| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
15381| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
15382| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
15383| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
15384| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
15385| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
15386| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
15387| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
15388| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
15389| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
15390| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
15391| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
15392| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
15393| [6168] OpenSSH Visible Password Vulnerability
15394| [5374] OpenSSH Trojan Horse Vulnerability
15395| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
15396| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
15397| [4241] OpenSSH Channel Code Off-By-One Vulnerability
15398| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
15399| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
15400| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
15401| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
15402| [2917] OpenSSH PAM Session Evasion Vulnerability
15403| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
15404| [2356] OpenSSH Private Key Authentication Check Vulnerability
15405| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
15406| [1334] OpenSSH UseLogin Vulnerability
15407|
15408| IBM X-Force - https://exchange.xforce.ibmcloud.com:
15409| [83258] GSI-OpenSSH auth-pam.c security bypass
15410| [82781] OpenSSH time limit denial of service
15411| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
15412| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
15413| [72756] Debian openssh-server commands information disclosure
15414| [68339] OpenSSH pam_thread buffer overflow
15415| [67264] OpenSSH ssh-keysign unauthorized access
15416| [65910] OpenSSH remote_glob function denial of service
15417| [65163] OpenSSH certificate information disclosure
15418| [64387] OpenSSH J-PAKE security bypass
15419| [63337] Cisco Unified Videoconferencing OpenSSH weak security
15420| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
15421| [45202] OpenSSH signal handler denial of service
15422| [44747] RHEL OpenSSH backdoor
15423| [44280] OpenSSH PermitRootLogin information disclosure
15424| [44279] OpenSSH sshd weak security
15425| [44037] OpenSSH sshd SELinux role unauthorized access
15426| [43940] OpenSSH X11 forwarding information disclosure
15427| [41549] OpenSSH ForceCommand directive security bypass
15428| [41438] OpenSSH sshd session hijacking
15429| [40897] OpenSSH known_hosts weak security
15430| [40587] OpenSSH username weak security
15431| [37371] OpenSSH username data manipulation
15432| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
15433| [37112] RHSA update for OpenSSH signal handler race condition not installed
15434| [37107] RHSA update for OpenSSH identical block denial of service not installed
15435| [36637] OpenSSH X11 cookie privilege escalation
15436| [35167] OpenSSH packet.c newkeys[mode] denial of service
15437| [34490] OpenSSH OPIE information disclosure
15438| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
15439| [32975] Apple Mac OS X OpenSSH denial of service
15440| [32387] RHSA-2006:0738 updates for openssh not installed
15441| [32359] RHSA-2006:0697 updates for openssh not installed
15442| [32230] RHSA-2006:0298 updates for openssh not installed
15443| [32132] RHSA-2006:0044 updates for openssh not installed
15444| [30120] OpenSSH privilege separation monitor authentication verification weakness
15445| [29255] OpenSSH GSSAPI user enumeration
15446| [29254] OpenSSH signal handler race condition
15447| [29158] OpenSSH identical block denial of service
15448| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
15449| [25116] OpenSSH OpenPAM denial of service
15450| [24305] OpenSSH SCP shell expansion command execution
15451| [22665] RHSA-2005:106 updates for openssh not installed
15452| [22117] OpenSSH GSSAPI allows elevated privileges
15453| [22115] OpenSSH GatewayPorts security bypass
15454| [20930] OpenSSH sshd.c LoginGraceTime denial of service
15455| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
15456| [17213] OpenSSH allows port bouncing attacks
15457| [16323] OpenSSH scp file overwrite
15458| [13797] OpenSSH PAM information leak
15459| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
15460| [13264] OpenSSH PAM code could allow an attacker to gain access
15461| [13215] OpenSSH buffer management errors could allow an attacker to execute code
15462| [13214] OpenSSH memory vulnerabilities
15463| [13191] OpenSSH large packet buffer overflow
15464| [12196] OpenSSH could allow an attacker to bypass login restrictions
15465| [11970] OpenSSH could allow an attacker to obtain valid administrative account
15466| [11902] OpenSSH PAM support enabled information leak
15467| [9803] OpenSSH "
15468| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
15469| [9307] OpenSSH is running on the system
15470| [9169] OpenSSH "
15471| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
15472| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
15473| [8383] OpenSSH off-by-one error in channel code
15474| [7647] OpenSSH UseLogin option arbitrary code execution
15475| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
15476| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
15477| [7179] OpenSSH source IP access control bypass
15478| [6757] OpenSSH "
15479| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
15480| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
15481| [5517] OpenSSH allows unauthorized access to resources
15482| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
15483|
15484| Exploit-DB - https://www.exploit-db.com:
15485| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
15486| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
15487| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
15488| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
15489| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
15490| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
15491| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
15492| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
15493| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
15494| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
15495| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
15496| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
15497| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
15498| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
15499|
15500| OpenVAS (Nessus) - http://www.openvas.org:
15501| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
15502| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
15503| [881183] CentOS Update for openssh CESA-2012:0884 centos6
15504| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
15505| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
15506| [870763] RedHat Update for openssh RHSA-2012:0884-04
15507| [870129] RedHat Update for openssh RHSA-2008:0855-01
15508| [861813] Fedora Update for openssh FEDORA-2010-5429
15509| [861319] Fedora Update for openssh FEDORA-2007-395
15510| [861170] Fedora Update for openssh FEDORA-2007-394
15511| [861012] Fedora Update for openssh FEDORA-2007-715
15512| [840345] Ubuntu Update for openssh vulnerability USN-597-1
15513| [840300] Ubuntu Update for openssh update USN-612-5
15514| [840271] Ubuntu Update for openssh vulnerability USN-612-2
15515| [840268] Ubuntu Update for openssh update USN-612-7
15516| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
15517| [840214] Ubuntu Update for openssh vulnerability USN-566-1
15518| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
15519| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
15520| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
15521| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
15522| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
15523| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
15524| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
15525| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
15526| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
15527| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
15528| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
15529| [100584] OpenSSH X Connections Session Hijacking Vulnerability
15530| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
15531| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
15532| [65987] SLES10: Security update for OpenSSH
15533| [65819] SLES10: Security update for OpenSSH
15534| [65514] SLES9: Security update for OpenSSH
15535| [65513] SLES9: Security update for OpenSSH
15536| [65334] SLES9: Security update for OpenSSH
15537| [65248] SLES9: Security update for OpenSSH
15538| [65218] SLES9: Security update for OpenSSH
15539| [65169] SLES9: Security update for openssh,openssh-askpass
15540| [65126] SLES9: Security update for OpenSSH
15541| [65019] SLES9: Security update for OpenSSH
15542| [65015] SLES9: Security update for OpenSSH
15543| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
15544| [61639] Debian Security Advisory DSA 1638-1 (openssh)
15545| [61030] Debian Security Advisory DSA 1576-2 (openssh)
15546| [61029] Debian Security Advisory DSA 1576-1 (openssh)
15547| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
15548| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
15549| [60667] Slackware Advisory SSA:2008-095-01 openssh
15550| [59014] Slackware Advisory SSA:2007-255-01 openssh
15551| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
15552| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
15553| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
15554| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
15555| [57492] Slackware Advisory SSA:2006-272-02 openssh
15556| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
15557| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
15558| [57470] FreeBSD Ports: openssh
15559| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
15560| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
15561| [56294] Slackware Advisory SSA:2006-045-06 openssh
15562| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
15563| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
15564| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
15565| [53788] Debian Security Advisory DSA 025-1 (openssh)
15566| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
15567| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
15568| [11343] OpenSSH Client Unauthorized Remote Forwarding
15569| [10954] OpenSSH AFS/Kerberos ticket/token passing
15570| [10883] OpenSSH Channel Code Off by 1
15571| [10823] OpenSSH UseLogin Environment Variables
15572|
15573| SecurityTracker - https://www.securitytracker.com:
15574| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
15575| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
15576| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
15577| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
15578| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
15579| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
15580| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
15581| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
15582| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
15583| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
15584| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
15585| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
15586| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
15587| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
15588| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
15589| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
15590| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
15591| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
15592| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
15593| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
15594| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
15595| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
15596| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
15597| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
15598| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
15599| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
15600| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
15601| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
15602| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
15603| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
15604| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
15605| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
15606| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
15607| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
15608| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
15609| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
15610| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
15611| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
15612|
15613| OSVDB - http://www.osvdb.org:
15614| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
15615| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
15616| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
15617| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
15618| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
15619| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
15620| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
15621| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
15622| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
15623| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
15624| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
15625| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
15626| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
15627| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
15628| [56921] OpenSSH Unspecified Remote Compromise
15629| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
15630| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
15631| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
15632| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
15633| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
15634| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
15635| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
15636| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
15637| [43745] OpenSSH X11 Forwarding Local Session Hijacking
15638| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
15639| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
15640| [37315] pam_usb OpenSSH Authentication Unspecified Issue
15641| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
15642| [34601] OPIE w/ OpenSSH Account Enumeration
15643| [34600] OpenSSH S/KEY Authentication Account Enumeration
15644| [32721] OpenSSH Username Password Complexity Account Enumeration
15645| [30232] OpenSSH Privilege Separation Monitor Weakness
15646| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
15647| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
15648| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
15649| [29152] OpenSSH Identical Block Packet DoS
15650| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
15651| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
15652| [22692] OpenSSH scp Command Line Filename Processing Command Injection
15653| [20216] OpenSSH with KerberosV Remote Authentication Bypass
15654| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
15655| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
15656| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
15657| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
15658| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
15659| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
15660| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
15661| [6601] OpenSSH *realloc() Unspecified Memory Errors
15662| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
15663| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
15664| [6072] OpenSSH PAM Conversation Function Stack Modification
15665| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
15666| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
15667| [5408] OpenSSH echo simulation Information Disclosure
15668| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
15669| [4536] OpenSSH Portable AIX linker Privilege Escalation
15670| [3938] OpenSSL and OpenSSH /dev/random Check Failure
15671| [3456] OpenSSH buffer_append_space() Heap Corruption
15672| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
15673| [2140] OpenSSH w/ PAM Username Validity Timing Attack
15674| [2112] OpenSSH Reverse DNS Lookup Bypass
15675| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
15676| [1853] OpenSSH Symbolic Link 'cookies' File Removal
15677| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
15678| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
15679| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
15680| [688] OpenSSH UseLogin Environment Variable Local Command Execution
15681| [642] OpenSSH Multiple Key Type ACL Bypass
15682| [504] OpenSSH SSHv2 Public Key Authentication Bypass
15683| [341] OpenSSH UseLogin Local Privilege Escalation
15684|_
3306/tcp open mysql MySQL 5.6.41-84.1
15686| vulscan: VulDB - https://vuldb.com:
15687| [125562] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 RBR denial of service
15688| [125559] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 Memcached denial of service
15689| [125548] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 Merge denial of service
15690| [125539] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
15691| [125538] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
15692| [125537] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
15693| [138100] Oracle MySQL Server up to 5.6.44/5.7.18 Privileges unknown vulnerability
15694| [138099] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Compiling information disclosure
15695| [138079] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Pluggable Auth denial of service
15696| [138070] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Audit unknown vulnerability
15697| [138067] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 XML denial of service
15698| [138066] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Parser denial of service
15699| [129645] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Replication denial of service
15700| [129642] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
15701| [129641] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
15702| [129639] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 DDL denial of service
15703| [129630] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Connection Handling denial of service
15704| [129629] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Parser denial of service
15705| [129627] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 PS denial of service
15706| [129626] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
15707| [129624] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Replication unknown vulnerability
15708| [121784] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 Memcached denial of service
15709| [121780] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 Installing denial of service
15710| [121774] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 InnoDB denial of service
15711|
15712| MITRE CVE - https://cve.mitre.org:
15713| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
15714| [CVE-2013-3811] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
| [CVE-2013-3810] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
| [CVE-2013-3807] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
| [CVE-2013-3806] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
| [CVE-2013-3798] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
| [CVE-2013-3796] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-3795] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-2395] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-2381] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
| [CVE-2013-1570] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
| [CVE-2013-1567] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
| [CVE-2013-1566] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [52154] RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
| [47871] Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
| [43677] Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
| [43676] Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
| [42646] Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
| [42643] Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
| [42638] Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
| [42596] Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
| [42586] RETIRED: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
| [37640] MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
| [36242] MySQL 5.x Unspecified Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [85724] Oracle MySQL Server XA Transactions denial of service
| [85723] Oracle MySQL Server Server Replication denial of service
| [85722] Oracle MySQL Server InnoDB denial of service
| [85721] Oracle MySQL Server Server Privileges unspecified
| [85720] Oracle MySQL Server Server Partition denial of service
| [85719] Oracle MySQL Server Server Parser denial of service
| [85718] Oracle MySQL Server Server Options denial of service
| [85717] Oracle MySQL Server Server Options denial of service
| [85716] Oracle MySQL Server Server Optimizer denial of service
| [85715] Oracle MySQL Server Server Optimizer denial of service
| [85714] Oracle MySQL Server Prepared Statements denial of service
| [85713] Oracle MySQL Server InnoDB denial of service
| [85712] Oracle MySQL Server Full Text Search denial of service
| [85711] Oracle MySQL Server Data Manipulation Language denial of service
| [85710] Oracle MySQL Server Data Manipulation Language denial of service
| [85709] Oracle MySQL Server Audit Log unspecified
| [85708] Oracle MySQL Server MemCached unspecified
| [84846] Debian mysql-server package information disclosure
| [84375] Wireshark MySQL dissector denial of service
| [83554] Oracle MySQL Server Server Partition denial of service
| [83553] Oracle MySQL Server Server Locking denial of service
| [83552] Oracle MySQL Server Server Install unspecified
| [83551] Oracle MySQL Server Server Types denial of service
| [83550] Oracle MySQL Server Server Privileges unspecified
| [83549] Oracle MySQL Server InnoDB denial of service
| [83548] Oracle MySQL Server InnoDB denial of service
| [83547] Oracle MySQL Server Data Manipulation Language denial of service
| [83546] Oracle MySQL Server Stored Procedure denial of service
| [83545] Oracle MySQL Server Server Replication denial of service
| [83544] Oracle MySQL Server Server Partition denial of service
| [83543] Oracle MySQL Server Server Optimizer denial of service
| [83542] Oracle MySQL Server InnoDB denial of service
| [83541] Oracle MySQL Server Information Schema denial of service
| [83540] Oracle MySQL Server Data Manipulation Language denial of service
| [83539] Oracle MySQL Server Data Manipulation Language denial of service
| [83538] Oracle MySQL Server Server Optimizer unspecified
| [83537] Oracle MySQL Server MemCached denial of service
| [83536] Oracle MySQL Server Server Privileges unspecified
| [83535] Oracle MySQL Server Server Privileges unspecified
| [83534] Oracle MySQL Server Server unspecified
| [83533] Oracle MySQL Server Information Schema unspecified
| [83532] Oracle MySQL Server Server Locking unspecified
| [83531] Oracle MySQL Server Data Manipulation Language denial of service
| [83388] MySQL administrative login attempt detected
| [82963] Mambo MySQL database information disclosure
| [82946] Oracle MySQL buffer overflow
| [82945] Oracle MySQL buffer overflow
| [82895] Oracle MySQL and MariaDB geometry queries denial of service
| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
| [81325] Oracle MySQL Server Server Privileges denial of service
| [81324] Oracle MySQL Server Server Partition denial of service
| [81323] Oracle MySQL Server Server Optimizer denial of service
| [81322] Oracle MySQL Server Server Optimizer denial of service
| [81321] Oracle MySQL Server Server denial of service
| [81320] Oracle MySQL Server MyISAM denial of service
| [81319] Oracle MySQL Server InnoDB denial of service
| [81318] Oracle MySQL Server InnoDB denial of service
| [81317] Oracle MySQL Server Server Locking denial of service
| [81316] Oracle MySQL Server Server denial of service
| [81315] Oracle MySQL Server Server Replication unspecified
| [81314] Oracle MySQL Server Server Replication unspecified
| [81313] Oracle MySQL Server Stored Procedure denial of service
| [81312] Oracle MySQL Server Server Optimizer denial of service
| [81311] Oracle MySQL Server Information Schema denial of service
| [81310] Oracle MySQL Server GIS Extension denial of service
| [80790] Oracle MySQL yaSSL buffer overflow
| [80553] Oracle MySQL and MariaDB salt security bypass
| [80443] Oracle MySQL Server unspecified code execution
| [80442] Oracle MySQL Server acl_get() buffer overflow
| [80440] Oracle MySQL Server table buffer overflow
| [80435] Oracle MySQL Server database privilege escalation
| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
| [80433] Oracle MySQL Server Stuxnet privilege escalation
| [80432] Oracle MySQL Server authentication information disclosure
| [79394] Oracle MySQL Server Server Installation information disclosure
| [79393] Oracle MySQL Server Server Replication denial of service
| [79392] Oracle MySQL Server Server Full Text Search denial of service
| [79391] Oracle MySQL Server Server denial of service
| [79390] Oracle MySQL Server Client information disclosure
| [79389] Oracle MySQL Server Server Optimizer denial of service
| [79388] Oracle MySQL Server Server Optimizer denial of service
| [79387] Oracle MySQL Server Server denial of service
| [79386] Oracle MySQL Server InnoDB Plugin denial of service
| [79385] Oracle MySQL Server InnoDB denial of service
| [79384] Oracle MySQL Server Client unspecified
| [79383] Oracle MySQL Server Server denial of service
| [79382] Oracle MySQL Server Protocol unspecified
| [79381] Oracle MySQL Server Information Schema unspecified
| [78954] SilverStripe MySQLDatabase.php information disclosure
| [78948] MySQL MyISAM table symlink
| [77865] MySQL unknown vuln
| [77864] MySQL sort order denial of service
| [77768] MySQLDumper refresh_dblist.php information disclosure
| [77177] MySQL Squid Access Report unspecified cross-site scripting
| [77065] Oracle MySQL Server Optimizer denial of service
| [77064] Oracle MySQL Server Optimizer denial of service
| [77063] Oracle MySQL Server denial of service
| [77062] Oracle MySQL InnoDB denial of service
| [77061] Oracle MySQL GIS Extension denial of service
| [77060] Oracle MySQL Server Optimizer denial of service
| [76189] MySQL unspecified error
| [76188] MySQL attempts security bypass
| [75287] MySQLDumper restore.php information disclosure
| [75286] MySQLDumper filemanagement.php directory traversal
| [75285] MySQLDumper main.php cross-site request forgery
| [75284] MySQLDumper install.php cross-site scripting
| [75283] MySQLDumper install.php file include
| [75282] MySQLDumper menu.php code execution
| [75022] Oracle MySQL Server Server Optimizer denial of service
| [75021] Oracle MySQL Server Server Optimizer denial of service
| [75020] Oracle MySQL Server Server DML denial of service
| [75019] Oracle MySQL Server Partition denial of service
| [75018] Oracle MySQL Server MyISAM denial of service
| [75017] Oracle MySQL Server Server Optimizer denial of service
| [74672] Oracle MySQL Server multiple unspecified
| [73092] MySQL unspecified code execution
| [72540] Oracle MySQL Server denial of service
| [72539] Oracle MySQL Server unspecified
| [72538] Oracle MySQL Server denial of service
| [72537] Oracle MySQL Server denial of service
| [72536] Oracle MySQL Server unspecified
| [72535] Oracle MySQL Server denial of service
| [72534] Oracle MySQL Server denial of service
| [72533] Oracle MySQL Server denial of service
| [72532] Oracle MySQL Server denial of service
| [72531] Oracle MySQL Server denial of service
| [72530] Oracle MySQL Server denial of service
| [72529] Oracle MySQL Server denial of service
| [72528] Oracle MySQL Server denial of service
| [72527] Oracle MySQL Server denial of service
| [72526] Oracle MySQL Server denial of service
| [72525] Oracle MySQL Server information disclosure
| [72524] Oracle MySQL Server denial of service
| [72523] Oracle MySQL Server denial of service
| [72522] Oracle MySQL Server denial of service
| [72521] Oracle MySQL Server denial of service
| [72520] Oracle MySQL Server denial of service
| [72519] Oracle MySQL Server denial of service
| [72518] Oracle MySQL Server unspecified
| [72517] Oracle MySQL Server unspecified
| [72516] Oracle MySQL Server unspecified
| [72515] Oracle MySQL Server denial of service
| [72514] Oracle MySQL Server unspecified
| [71965] MySQL port denial of service
| [70680] DBD::mysqlPP unspecified SQL injection
| [70370] TaskFreak! multi-mysql unspecified path disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68294] MySQLDriverCS statement.cs sql injection
| [68175] Prosody MySQL denial of service
| [67539] Zend Framework MySQL PDO security bypass
| [67254] DirectAdmin MySQL information disclosure
| [66567] Xoops mysql.sql information disclosure
| [65871] PyWebDAV MySQLAuthHandler class SQL injection
| [65543] MySQL Select Arbitrary data into a File
| [65529] MySQL Eventum full_name field cross-site scripting
| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
| [65379] Oracle MySQL Eventum list.php cross-site scripting
| [65266] Accellion File Transfer Appliance MySQL default password
| [64878] MySQL Geometry denial of service
| [64877] MySQL EXPLAIN EXTENDED denial of service
| [64876] MySQL prepared statement denial of service
| [64845] MySQL extreme-value denial of service
| [64844] MySQL Gis_line_string::init_from_wkb denial of service
| [64843] MySQL user-variable denial of service
| [64842] MySQL view preparation denial of service
| [64841] MySQL prepared statement denial of service
| [64840] MySQL LONGBLOB denial of service
| [64839] MySQL invocations denial of service
| [64838] MySQL Gis_line_string::init_from_wkb denial of service
| [64689] MySQL dict0crea.c denial of service
| [64688] MySQL SET column denial of service
| [64687] MySQL BINLOG command denial of service
| [64686] MySQL InnoDB denial of service
| [64685] MySQL HANDLER interface denial of service
| [64684] MySQL Item_singlerow_subselect::store denial of service
| [64683] MySQL OK packet denial of service
| [63518] MySQL Query Browser GUI Tools information disclosure
| [63517] MySQL Administrator GUI Tools information disclosure
| [62272] MySQL PolyFromWKB() denial of service
| [62269] MySQL LIKE predicates denial of service
| [62268] MySQL joins denial of service
| [62267] MySQL GREATEST() or LEAST() denial of service
| [62266] MySQL GROUP_CONCAT() denial of service
| [62265] MySQL expression values denial of service
| [62264] MySQL temporary table denial of service
| [62263] MySQL LEAST() or GREATEST() denial of service
| [62262] MySQL replication privilege escalation
| [61739] MySQL WITH ROLLUP denial of service
| [61343] MySQL LOAD DATA INFILE denial of service
| [61342] MySQL EXPLAIN denial of service
| [61341] MySQL HANDLER denial of service
| [61340] MySQL BINLOG denial of service
| [61339] MySQL IN() or CASE denial of service
| [61338] MySQL SET denial of service
| [61337] MySQL DDL denial of service
| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
| [61316] PHP php_mysqlnd_auth_write buffer overflow
| [61274] MySQL TEMPORARY InnoDB denial of service
| [59905] MySQL ALTER DATABASE denial of service
| [59841] CMySQLite updateUser.php cross-site request forgery
| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
| [59075] PHP php_mysqlnd_auth_write() buffer overflow
| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
| [59072] PHP php_mysqlnd_ok_read() information disclosure
| [58842] MySQL DROP TABLE file deletion
| [58676] Template Shares MySQL information disclosure
| [58531] MySQL COM_FIELD_LIST buffer overflow
| [58530] MySQL packet denial of service
| [58529] MySQL COM_FIELD_LIST security bypass
| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
| [57925] MySQL UNINSTALL PLUGIN security bypass
| [57006] Quicksilver Forums mysqldump information disclosure
| [56800] Employee Timeclock Software mysqldump information disclosure
| [56200] Flex MySQL Connector ActionScript SQL injection
| [55877] MySQL yaSSL buffer overflow
| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
| [55416] MySQL unspecified buffer overflow
| [55382] Ublog UblogMySQL.sql information disclosure
| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
| [54597] MySQL sql_table.cc security bypass
| [54596] MySQL mysqld denial of service
| [54365] MySQL OpenSSL security bypass
| [54364] MySQL MyISAM table symlink
| [53950] The mysql-ocaml mysql_real_escape_string weak security
| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
| [52660] iScouter PHP Web Portal MySQL Password Retrieval
| [52220] aa33code mysql.inc information disclosure
| [52122] MySQL Connector/J unicode SQL injection
| [51614] MySQL dispatch_command() denial of service
| [51406] MySQL Connector/NET SSL spoofing
| [49202] MySQL UDF command execution
| [49050] MySQL XPath denial of service
| [48919] Cisco Application Networking Manager MySQL default account password
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [47544] MySQL Calendar index.php SQL injection
| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
| [45649] MySQL MyISAM symlink security bypass
| [45648] MySQL MyISAM symlinks security bypass
| [45607] MySQL Quick Admin actions.php file include
| [45606] MySQL Quick Admin index.php file include
| [45590] MySQL command-line client cross-site scripting
| [45436] PromoteWeb MySQL go.php SQL injection
| [45042] MySQL empty bit-string literal denial of service
| [44662] mysql-lists unspecified cross-site scripting
| [42267] MySQL MyISAM security bypass
| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
| [40920] MySQL sql_select.cc denial of service
| [40734] MySQL Server BINLOG privilege escalation
| [40350] MySQL password information disclosure
| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
| [39402] PHP LOCAL INFILE and MySQL extension security bypass
| [38999] aurora framework db_mysql.lib SQL injection
| [38990] MySQL federated engine denial of service
| [38989] MySQL DEFINER value privilege escalation
| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
| [38964] MySQL RENAME TABLE symlink
| [38733] ManageEngine EventLog Analyzer MySQL default password
| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
| [38189] MySQL default root password
| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
| [36555] PHP MySQL extension multiple functions security bypass
| [35960] MySQL view privilege escalation
| [35959] MySQL CREATE TABLE LIKE information disclosure
| [35958] MySQL connection protocol denial of service
| [35291] MySQLDumper main.php security bypass
| [34811] MySQL udf_init and mysql_create_function command execution
| [34809] MySQL mysql_update privilege escalation
| [34349] MySQL ALTER information disclosure
| [34348] MySQL mysql_change_db privilege escalation
| [34347] MySQL RENAME TABLE weak security
| [34232] MySQL IF clause denial of service
| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
| [33285] Eve-Nuke mysql.php file include
| [32957] MySQL Commander dbopen.php file include
| [32933] cPanel load_language.php and mysqlconfig.php file include
| [32911] MySQL filesort function denial of service
| [32462] cPanel passwdmysql cross-site scripting
| [32288] RHSA-2006:0544 updates for mysql not installed
| [32266] MySQLNewsEngine affichearticles.php3 file include
| [31244] The Address Book MySQL export.php password information disclosure
| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
| [30760] BTSaveMySql URL file disclosure
| [30191] StoryStream mysql.php and mysqli.php file include
| [30085] MySQL MS-DOS device name denial of service
| [30031] Agora MysqlfinderAdmin.php file include
| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
| [29179] paBugs class.mysql.php file include
| [29120] ZoomStats MySQL file include
| [28448] MySQL case sensitive database name privilege escalation
| [28442] MySQL GRANT EXECUTE privilege escalation
| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
| [28202] MySQL multiupdate subselect query denial of service
| [28180] MySQL MERGE table security bypass
| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
| [27995] Opsware Network Automation System MySQL plaintext password
| [27904] MySQL date_format() format string
| [27635] MySQL Instance Manager denial of service
| [27212] MySQL SELECT str_to_date denial of service
| [26875] MySQL ASCII escaping SQL injection
| [26420] Apple Mac OS X MySQL Manager blank password
| [26236] MySQL login packet information disclosure
| [26232] MySQL COM_TABLE_DUMP buffer overflow
| [26228] MySQL sql_parce.cc information disclosure
| [26042] MySQL running
| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
| [24966] MySQL mysql_real_query logging bypass
| [24653] PAM-MySQL logging function denial of service
| [24652] PAM-MySQL authentication double free code execution
| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
| [24095] PHP ext/mysqli exception handling format string
| [23990] PHP mysql_connect() buffer overflow
| [23596] MySQL Auction search module could allow cross-site scripting
| [22642] RHSA-2005:334 updates for mysql not installed
| [21757] MySQL UDF library functions command execution
| [21756] MySQL LoadLibraryEx function denial of service
| [21738] MySQL UDF mysql_create_function function directory traversal
| [21737] MySQL user defined function buffer overflow
| [21640] MySQL Eventum multiple class SQL injection
| [21638] MySQL Eventum multiple scripts cross-site scripting
| [20984] xmysqladmin temporary file symlink
| [20656] MySQL mysql_install_db script symlink
| [20333] Plans MySQL password information disclosure
| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
| [19658] MySQL udf_init function gain access
| [19576] auraCMS mysql_fetch_row function path disclosure
| [18922] MySQL mysqlaccess script symlink attack
| [18824] MySQL UDF root privileges
| [18464] mysql_auth unspecified vulnerability
| [18449] Sugar Sales plaintext MySQL password
| [17783] MySQL underscore allows elevated privileges
| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
| [17667] MySQL UNION change denial of service
| [17666] MySQL ALTER TABLE RENAME bypass restriction
| [17493] MySQL libmysqlclient bulk inserts buffer overflow
| [17462] MySQLGuest AWSguest.php script cross-site scripting
| [17047] MySQL mysql_real_connect buffer overflow
| [17030] MySQL mysqlhotcopy insecure temporary file
| [16612] MySQL my_rnd buffer overflow
| [16604] MySQL check_scramble_323 function allows unauthorized access
| [15883] MySQL mysqld_multi script symlink attack
| [15617] MySQL mysqlbug script symlink attack
| [15417] Confixx db_mysql_loeschen2.php SQL injection
| [15280] Proofpoint Protection Server MySQL allows unauthorized access
| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
| [13153] MySQL long password buffer overflow
| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
| [12540] Teapop PostSQL and MySQL modules SQL injection
| [12337] MySQL mysql_real_connect function buffer overflow
| [11510] MySQL datadir/my.cnf modification could allow root privileges
| [11493] mysqlcc configuration and connection files are world writable
| [11340] SuckBot mod_mysql_logger denial of service
| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
| [10850] MySQL libmysql client read_one_row buffer overflow
| [10849] MySQL libmysql client read_rows buffer overflow
| [10848] MySQL COM_CHANGE_USER password buffer overflow
| [10847] MySQL COM_CHANGE_USER command password authentication bypass
| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
| [10483] Bugzilla stores passwords in plain text in the MySQL database
| [10455] gBook MySQL could allow administrative access
| [10243] MySQL my.ini "
| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
| [9909] MySQL logging disabled by default on Windows
| [9908] MySQL binding to the loopback adapter is disabled
| [9902] MySQL default root password could allow unauthorized access
| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
| [7206] WinMySQLadmin stores MySQL password in plain text
| [6617] MySQL "
| [6419] MySQL drop database command buffer overflow
| [6418] MySQL libmysqlclient.so buffer overflow
| [5969] MySQL select buffer overflow
| [5447] pam_mysql authentication input
| [5409] MySQL authentication algorithm obtain password hash
| [5057] PCCS MySQL Database Admin Tool could reveal username and password
| [4228] MySQL unauthenticated remote access
| [3849] MySQL default test account could allow any user to connect to the database
| [1568] MySQL creates readable log files
|
| Exploit-DB - https://www.exploit-db.com:
| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
| [30020] MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability
| [29724] MySQL 5.0.x Single Row SubSelect Remote Denial of Service Vulnerability
| [27326] MySQL 5.0.18 Query Logging Bypass Vulnerability
| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
| [20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
| [9085] MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
| [4615] MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
| [4392] PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
| [1742] MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit
| [1741] MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [53251] Debian Security Advisory DSA 562-1 (mysql)
| [53230] Debian Security Advisory DSA 540-1 (mysql)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
| [1016790] MySQL Replication Error Lets Local Users Deny Service
| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1014172] xMySQLadmin Lets Local Users Delete Files
| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
| [1012500] mysql_auth Memory Leak Has Unspecified Impact
| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
| [1007518] DWebPro Discloses MySQL Database Password to Local Users
| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
|
| OSVDB - http://www.osvdb.org:
| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
| [93174] MySQL Crafted Derived Table Handling DoS
| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
| [89042] ViciBox Server MySQL cron Service Default Credentials
| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
| [87480] MySQL Malformed XML Comment Handling DoS
| [87466] MySQL SSL Certificate Revocation Weakness
| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
| [84719] MySQLDumper index.php page Parameter XSS
| [84680] MySQL Squid Access Report access.log File Path XSS
| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
| [83661] Oracle MySQL Unspecified Issue (59533)
| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
| [82803] Oracle MySQL Unspecified Issue (59387)
| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
| [81614] MySQLDumper File Upload PHP Code Execution
| [81613] MySQLDumper main.php Multiple Function CSRF
| [81612] MySQLDumper restore.php filename Parameter XSS
| [81611] MySQLDumper sql.php Multiple Parameter XSS
| [81610] MySQLDumper install.php Multiple Parameter XSS
| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
| [81059] Oracle MySQL Server Multiple Unspecified Issues
| [79038] Webmin Process Listing MySQL Password Local Disclosure
| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
| [78375] Oracle MySQL Server Unspecified Local DoS
| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
| [78373] Oracle MySQL Server Unspecified Local Issue
| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
| [77040] DBD::mysqlPP Unspecified SQL Injection
| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
| [73387] Zend Framework PDO_MySql Character Set Security Bypass
| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
| [71368] Accellion File Transfer Appliance Weak MySQL root Password
| [70967] MySQL Eventum Admin User Creation CSRF
| [70966] MySQL Eventum preferences.php full_name Parameter XSS
| [70961] MySQL Eventum list.php Multiple Parameter XSS
| [70960] MySQL Eventum forgot_password.php URI XSS
| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
| [69395] MySQL Derived Table Grouping DoS
| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
| [68996] MySQL EXPLAIN EXTENDED Statement DoS
| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
| [67381] MySQL InnoDB Temporary Table Handling DoS
| [67380] MySQL BINLOG Statement Unspecified Argument DoS
| [67379] MySQL Multiple Operation NULL Argument Handling DoS
| [67378] MySQL Unique SET Column Join Statement Remote DoS
| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
| [66731] PHP Bundled MySQL Library Unspecified Issue
| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
| [65085] MySQL Enterprise Monitor Unspecified CSRF
| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
| [59907] MySQL on Windows bind-address Remote Connection Weakness
| [59906] MySQL on Windows Default Configuration Logging Weakness
| [59616] MySQL Hashed Password Weakness
| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
| [52464] MySQL charset Column Truncation Weakness
| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
| [52378] Cisco ANM MySQL root Account Default Password
| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
| [50892] MySQL Calendar index.php username Parameter SQL Injection
| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
| [48710] MySQL Command Line Client HTML Output XSS
| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
| [47789] mysql-lists Unspecified XSS
| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
| [43179] MySQL Server BINLOG Statement Rights Checking Failure
| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
| [39279] PHP mysql_error() Function XSS
16559| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
16560| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
16561| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
16562| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
16563| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
16564| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
16565| [37782] MySQL Community Server External Table View Privilege Escalation
16566| [37781] MySQL ALTER TABLE Information Disclosure
16567| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
16568| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
16569| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
16570| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
16571| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
16572| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
16573| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
16574| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
16575| [36251] Associated Press (AP) Newspower Default MySQL root Password
16576| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
16577| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
16578| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
16579| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
16580| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
16581| [34734] MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS
16582| [34038] MySQL Commander ressourcen/dbopen.php home Parameter Remote File Inclusion
16583| [33974] MySQL information_schema Table Subselect Single-Row DoS
16584| [33678] MySQLNewsEngine affichearticles.php3 newsenginedir Parameter Remote File Inclusion
16585| [33447] WGS-PPC (PPC Search Engine) config/mysql_config.php INC Parameter Remote File Inclusion
16586| [33372] deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure
16587| [33147] ActiveCalendar data/mysqlevents.php css Parameter XSS
16588| [32784] Storystream mysqli.php baseDir Parameter Remote File Inclusion
16589| [32783] Storystream mysql.php baseDir Parameter Remote File Inclusion
16590| [32421] Contenido CMS conlib/db_mysqli.inc Direct Request Path Disclosure
16591| [32272] JevonCMS /phplib/db_mysql.inc Direct Request Path Disclosure
16592| [32171] Blue Magic Board db_mysql_error.php Direct Request Path Disclosure
16593| [32056] BTSaveMySql Direct Request Config File Disclosure
16594| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
16595| [32024] TikiWiki tiki-wiki_rss.php ver MySQL Credential Disclosure
16596| [31963] Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion
16597| [31431] ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion
16598| [30172] TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure
16599| [29696] MySQLDumper sql.php db Parameter XSS
16600| [29453] ConPresso CMS db_mysql.inc.php msg Parameter XSS
16601| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
16602| [28296] MySQL Crafted multiupdate / subselects Query Local DoS
16603| [28288] MySQL Instance_options::complete_initialization Function Overflow
16604| [28030] Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion
16605| [28029] Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion
16606| [28028] Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion
16607| [28013] MySQL SUID Routine Miscalculation Arbitrary DML Statement Execution
16608| [28012] MySQL Case Sensitivity Unauthorized Database Creation
16609| [27919] MySQL VIEW Access information_schema.views Information Disclosure
16610| [27703] MySQL MERGE Table Privilege Persistence
16611| [27593] Drupal database.mysqli.inc Multiple Parameter SQL Injection
16612| [27549] Opsware NAS /etc/init.d/mysqll MySQL root Cleartext Password Local Disclosure
16613| [27416] MySQL Server time.cc date_format Function Format String
16614| [27054] MySQL mysqld str_to_date Function NULL Argument DoS
16615| [26923] PHP/MySQL Classifieds (PHP Classifieds) search.php rate Parameter SQL Injection
16616| [26922] PHP/MySQL Classifieds (PHP Classifieds) AddAsset1.php Multiple Field XSS
16617| [26822] Bee-hive Lite include/listall.inc.php mysqlcall Parameter Remote File Inclusion
16618| [26821] Bee-hive Lite conad/include/mysqlCall.inc.php config Parameter Remote File Inclusion
16619| [26820] Bee-hive Lite conad/logout.inc.php mysqlCall Parameter Remote File Inclusion
16620| [26819] Bee-hive Lite conad/login.inc.php mysqlCall Parameter Remote File Inclusion
16621| [26818] Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Parameter Remote File Inclusion
16622| [26817] Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall Parameter Remote File Inclusion
16623| [26816] Bee-hive Lite conad/changeEmail.inc.php mysqlCall Parameter Remote File Inclusion
16624| [26125] Open Searchable Image Catalogue core.php do_mysql_query Function Error Message XSS
16625| [26123] Open Searchable Image Catalogue core.php do_mysql_query Function SQL Injection
16626| [25987] MySQL Multibyte Encoding SQL Injection Filter Bypass
16627| [25908] Drupal database.mysql.inc Multiple Parameter SQL Injection
16628| [25595] Apple Mac OS X MySQL Manager Blank root Password
16629| [25228] MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
16630| [25227] MySQL COM_TABLE_DUMP Packet Overflow
16631| [25226] MySQL Malformed Login Packet Remote Memory Disclosure
16632| [24245] Cholod Mysql Based Message Board Unspecified XSS
16633| [24244] Cholod Mysql Based Message Board mb.cgi showmessage Action SQL Injection
16634| [23963] WoltLab Burning Board class_db_mysql.php SQL Error Message XSS
16635| [23915] Netcool/NeuSecure MySQL Database Connection Restriction Bypass
16636| [23611] Aztek Forum index.php msg Variable Forced MySQL Error Information Disclosure
16637| [23526] MySQL Query NULL Charcter Logging Bypass
16638| [23157] PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection
16639| [23156] PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection
16640| [22995] PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation
16641| [22994] PAM-MySQL SQL Logging Facility Segfault DoS
16642| [22485] Recruitment Software admin/site.xml MySQL Authentication Credential Disclosure
16643| [22479] PHP mysqli Extension Error Message Format String
16644| [22232] PHP Pipe Variable mysql_connect() Function Overflow
16645| [21685] MySQL Auction Search Module keyword XSS
16646| [20698] Campsite notifyendsubs Cron MySQL Password Cleartext Remote Disclosure
16647| [20145] Proofpoint Protection Server Embedded MySQL Server Unpassworded root Account
16648| [19457] aMember Pro mysql.inc.php Remote File Inclusion
16649| [19377] MAXdev MD-Pro /MySQL_Tools/admin.php Path Disclosure
16650| [18899] MySQL UDF Library Arbitrary Function Load Privilege Escalation
16651| [18898] MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS
16652| [18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
16653| [18896] MySQL User-Defined Function init_syms() Function Overflow
16654| [18895] MySQL libmysqlclient.so host Parameter Remote Overflow
16655| [18894] MySQL drop database Request Remote Overflow
16656| [18622] FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
16657| [18620] FunkBoard mysql_install.php Admin/Database Password Manipulation
16658| [18406] MySQL Eventum releases.php SQL Injection
16659| [18405] MySQL Eventum custom_fields_graph.php SQL Injection
16660| [18404] MySQL Eventum custom_fields.php SQL Injection
16661| [18403] MySQL Eventum login.php email Parameter SQL Injection Authentication Bypass
16662| [18402] MySQL Eventum get_jsrs_data.php F Parameter XSS
16663| [18401] MySQL Eventum list.php release Parameter XSS
16664| [18400] MySQL Eventum view.php id Parameter XSS
16665| [18173] MySQL on Windows USE Command MS-DOS Device Name DoS
16666| [17801] Bugzilla MySQL Replication Race Condition Information Disclosure
16667| [17223] xMySQLadmin Symlink Arbitrary File Deletion
16668| [16727] MySQL Nonexistent '--user' Error Incorrect Privilege Database Invocation
16669| [16689] MySQL mysql_install_db Symlink Arbitrary File Overwrite
16670| [16056] Plans Unspecified mySQL Remote Password Disclosure
16671| [15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
16672| [15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
16673| [15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
16674| [15451] paNews auth.php mysql_prefix Parameter SQL Injection
16675| [14748] MySQL MS-DOS Device Names Request DoS
16676| [14678] MySQL CREATE FUNCTION Arbitrary libc Code Execution
16677| [14677] MySQL CREATE FUNCTION mysql.func Table Arbitrary Library Injection
16678| [14676] MySQL CREATE TEMPORARY TABLE Symlink Privilege Escalation
16679| [14386] phpMyAdmin mysqli.dbi.lib.php Path Disclosure
16680| [14052] Symantec Brightmail AntiSpam Multiple Default MySQL Accounts
16681| [13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
16682| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
16683| [13013] MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
16684| [12919] MySQL MaxDB WebAgent websql Remote Overflow
16685| [12779] MySQL User Defined Function Privilege Escalation
16686| [12609] MySQL Eventum projects.php Multiple Parameter XSS
16687| [12608] MySQL Eventum preferences.php Multiple Parameter XSS
16688| [12607] MySQL Eventum forgot_password.php email Parameter XSS
16689| [12606] MySQL Eventum index.php email Parameter XSS
16690| [12605] MySQL Eventum Default Vendor Account
16691| [12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
16692| [12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
16693| [11689] Roxen Web Server MySQL Socket Permission Weakness
16694| [10985] MySQL MATCH..AGAINST Query DoS
16695| [10959] MySQL GRANT ALL ON Privilege Escalation
16696| [10660] MySQL ALTER TABLE/RENAME Forces Old Permission Checks
16697| [10659] MySQL ALTER MERGE Tables to Change the UNION DoS
16698| [10658] MySQL mysql_real_connect() Function Remote Overflow
16699| [10532] MySQL MaxDB webdbm Server Field DoS
16700| [10491] AWS MySQLguest AWSguest.php Script Insertion
16701| [10244] MySQL libmysqlclient Prepared Statements API Overflow
16702| [10226] MySQLGuest AWSguest.php Multiple Field XSS
16703| [9912] PHP safe_mode MySQL Database Access Restriction Bypass
16704| [9911] Inter7 vpopmail MySQL Module Authentication Credential Disclosure
16705| [9910] MySQL mysql_change_user() Double-free Memory Pointer DoS
16706| [9909] MySQL datadir/my.cnf Modification Privilege Escalation
16707| [9908] MySQL my.ini Initialization File datadir Parameter Overflow
16708| [9907] MySQL SELECT Statement String Handling Overflow
16709| [9906] MySQL GRANT Privilege Arbitrary Password Modification
16710| [9509] teapop MySQL Authentication Module SQL Injection
16711| [9018] MySQL Backup Pro getbackup() Method Unspecified Issue
16712| [9015] MySQL mysqlhotcopy Insecure Temporary File Creation
16713| [8997] Cacti config.php MySQL Authentication Credential Cleartext Disclosure
16714| [8979] MySQL SHOW GRANTS Encrypted Password Disclosure
16715| [8889] MySQL COM_TABLE_DUMP Package Negative Integer DoS
16716| [8888] MySQL COM_CHANGE_USER Command Long Repsonse Overflow
16717| [8887] MySQL COM_CHANGE_USER Command One Character Password Brute Force
16718| [8886] MySQL libmysqlclient Library read_one_row Overflow
16719| [8885] MySQL libmysqlclient Library read_rows Overflow
16720| [7476] MySQL Protocol 4.1 Authentication Scramble String Overflow
16721| [7475] MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
16722| [7245] MySQL Pluggable Authentication Module (pam_mysql) Password Disclosure
16723| [7128] MySQL show database Database Name Exposure
16724| [6716] MySQL Database Engine Weak Authentication Information Disclosure
16725| [6605] MySQL mysqld Readable Log File Information Disclosure
16726| [6443] PowerPhlogger db_dump.php View Arbitrary mySQL Dump
16727| [6421] MySQL mysqld_multi Symlink Arbitrary File Overwrite
16728| [6420] MySQL mysqlbug Symlink Arbitrary File Overwrite
16729| [2537] MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
16730| [2144] WinMySQLadmin my.ini Cleartext Password Disclosure
16731| [653] PCCS-Linux MySQL Database Admin Tool Authentication Credential Disclosure
16732| [520] MySQL Database Name Traversal Arbitrary File Modification
16733| [380] MySQL Server on Windows Default Null Root Password
16734| [261] MySQL Short Check String Authentication Bypass
16735#######################################################################################################################################
16736[INFO] ------TARGET info------
16737[*] TARGET: https://freeflorida.org/
16738[*] TARGET IP: 192.185.138.18
16739[INFO] NO load balancer detected for freeflorida.org...
16740[*] DNS servers: ns903.websitewelcome.com.
16741[*] TARGET server: Apache
16742[*] CC: US
16743[*] Country: United States
16744[*] RegionCode: TX
16745[*] RegionName: Texas
16746[*] City: Houston
16747[*] ASN: AS46606
16748[*] BGP_PREFIX: 192.185.128.0/18
16749[*] ISP: UNIFIEDLAYER-AS-1 - Unified Layer, US
16750[INFO] SSL/HTTPS certificate detected
16751[*] Issuer: issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
16752[*] Subject: subject=CN = freeflorida.org
16753[ALERT] Let's Encrypt is commonly used for Phishing
16754[INFO] DNS enumeration:
16755[*] ftp.freeflorida.org freeflorida.org. 192.185.138.18
16756[*] mail.freeflorida.org freeflorida.org. 192.185.138.18
16757[*] new.freeflorida.org 192.185.138.18
16758[*] webmail.freeflorida.org 192.185.138.18
16759[INFO] Possible abuse mails are:
16760[*] abuse@freeflorida.org
16761[*] abuse@websitewelcome.com
16762[*] eig-abuse@endurance.com
16763[INFO] NO PAC (Proxy Auto Configuration) file FOUND
16764[ALERT] robots.txt file FOUND in http://freeflorida.org/robots.txt
16765[INFO] Checking for HTTP status codes recursively from http://freeflorida.org/robots.txt
16766[INFO] Status code Folders
16767[INFO] Starting FUZZing in http://freeflorida.org/FUzZzZzZzZz...
16768[INFO] Status code Folders
16769[ALERT] Look in the source code. It may contain passwords
16770[INFO] Links found from https://freeflorida.org/ http://192.185.138.18/:
16813cut: intervalle de champ incorrecte
16814Saisissez « cut --help » pour plus d'informations.
16815[INFO] Shodan detected the following opened ports on 192.185.138.18:
16833[INFO] ------VirusTotal SECTION------
16834[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
16835[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
16836[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
16837[INFO] ------Alexa Rank SECTION------
16838[INFO] Percent of Visitors Rank in Country:
16839[INFO] Percent of Search Traffic:
16840[INFO] Percent of Unique Visits:
16841[INFO] Total Sites Linking In:
16842[*] Total Sites
16843[INFO] Useful links related to freeflorida.org - 192.185.138.18:
16857[INFO] Useful links related to AS46606 - 192.185.128.0/18:
16862[INFO] Date: 25/11/19 | Time: 13:18:47
16863[INFO] Total time: 1 minute(s) and 51 second(s)
16864#######################################################################################################################################
16865 Anonymous JTSEC #OpDomesticTerrorism Full Recon #6